This is the final report on USAF contract number F49620-83-C-0160,
effective  date  83  Sep  30,  project  number  FQ  8671-8301504  3005/A1, 
duration  83  Sep  30  through  84  Mar  31. 

The  work  described  in  the  YLYK  Ltd.  proposal  (see  Appendix  A)  which 
led  to  this  SBIR  contract  was  completed  on  time,  and  within  budget. 
Moreover the outcome was largely definitive and was at least as good as
the  target  outcome  of  the  proposal.  This  report  is  prepared  to  meet  the 
84  May  31  deadline  for  final  report.  In  summary,  the  work  was  carried 
out  on  time,  on  target,  within  budget.  This  report  is  timely. 

In  the  interests  of  readability  this  final  report  is  organized  as 
follows : 

0.  Introduction 

1.  Overview  Narrative 

2.  Detailed  Narrative 

3.  Summary  of  tasks,  work,  discoveries,  recommendations  and 
alternatives 

4.  Future 

5. Appendices

A. The technical part of the YLYK Ltd. proposal which led to this contract

B. Tables of GF(2↑N) arithmetic

C. Selected tables of Vandermonde matrices

D. Tables of ENF (encode normal forms) produced by cold precomputations

E. Examples of the encode/decode process

F. Copy of Yeh/Reed/Truong paper on systolic multipliers for finite fields

G. Copy of Bloom paper on threshold schemes

H.  Program  for  encoding  procedure  (including  Stages  1,  2  and  4) 

I.  Program  for  decoding  procedure  (including  Stages  1,  2,  3  and  4) 

Section  3,  "Summary  of  tasks,  work,  discoveries,  recommendations 
and  alternatives"  is  the  heart  of  the  report.  It  describes  how  YLYK 
Ltd.  performed  its  agreed-upon  Task  1  and  Task  2.  The  reader  may  want 
to  skim  it  before  going  through  the  report  as  a  whole. 


1.  Overview  Narrative 

1.1  Red  Noise 

Appendix  A  contains  a  copy  of  the  YLYK  Ltd.  proposal  which  led  to 
the  contract  on  which  this  is  the  final  report.  In  the  interests  of 
readability  we  restate  the  idea  behind  the  p/s/r  processes,  along  with 
some  realistic  instances. 

A  sender  S  and  a  receiver  R  are  linked  by  n  channels  of 
approximately  equal  capacity.  All  communications  are  digital,  i.e.  are 
strings  of  bits  (0  or  1).  The  sender  and  the  receiver  anticipate 
traumas  which  will  inactivate  some  of  these  channels.  Nevertheless  both 
the  sender  and  the  receiver  expect  at  least  k  of  the  n  channels  to 
continue to function. Here, as everywhere, it is assumed that k ≤ n.

They  face  the  "red  noise"  problem.  How  does  the  sender  S  encode 
k  channels  worth  of  information  for  sending  along  n  channels  to  the 
receiver  R  in  such  a  way  that  R  can  recover  all  the  information 
cheaply  and  quickly  as  long  as  any  k  of  the  n  channels  remain 
operative?  The  sender  S  must  encode  in  ignorance  of  which  k 
channels  will  survive  the  trauma  and  remain  operative.  Examples  of  the 
red  noise  problem  are  numerous.  We  sketch  out  a  few  here.  We  will 
return to them.

i. On-chip. Certain elements on a chip may fail permanently. The
number n of channels is typically less than 100, often less than
10. Here k is usually almost as big as n, since chips with lots
of hard failures are typically discarded. Perhaps k = n - 1 is
especially important.

ii. Packet switching. Here the packets are the "channels".
Occasionally a packet is destroyed or irrevocably misrouted. The
number n of total packets for many practical examples would be
less than 200, often less than 20. Most packets should arrive
intact, so k would usually be near n. Perhaps k = n - 1 is
especially important.




iii. Spread spectrum. Here a "channel" might be a frequency if
the technique employed is frequency hopping. Perhaps quite a few
frequencies are jammed. The number n of total frequencies should
usually be less than 60,000 and often considerably less than 4,000.
k can vary all over the lot. In battle conditions we might have
k < n/10, e.g. only k = 70 "clean" frequencies among n = 1,000
frequencies being used. Those who feel that this is a pessimistic
estimate should consult McEliece's recent paper on jamming in
Longo's Springer-Verlag book, Secure Digital Communications.

iv. Hard wires or fibers. A control center on a weapons platform
(plane, ship, etc.) might be connected by n = 30 parallel fibers
to a propulsion unit, sensor, control surface, or weapons pod. It
might be desirable to maintain full communication even after 20
fibers were cut. Here k = 10 = n/3. In such examples n less
than 200 seems plausible, k can vary all over the lot.

v.  Multiple  channels  between  manned  centers.  A  city  might  talk  to 
a  command  post  via  a  mixture  of  twisted  pairs,  fibers,  microwave 
relay  paths  and  satellite  links.  It  would  be  desirable  to  keep  up 
communication  if  half  of  the  n  =  20  channels  joining  them  fail. 

In  all  the  foregoing  examples  the  number  n  of  total  channels 
before  failures  occur  would  satisfy  the  inequality 

2↑0 = 1 ≤ n ≤ 65,536 = 2↑16

(where we use the ALGOL arrow notation 2↑16 instead of the older
exponent notation 2^16). We will adopt the inequality above once for
all as an explicit assumption:

At least one "channel";

At most 65,536 "channels".

The  reader  is  asked  to  bear  it  in  mind  everywhere  below.  Another 
categorical  assumption  is: 


Every  signal  is  digital 




1.2  Bloom  pool/split/restitute  processes 

A  solution  to  the  red  noise  problem  is  called  a  p/s/r  process.  We 
will  discuss  only  Bloom  p/s/r  processes  and  their  close  relatives  here. 
See  Appendix  G  for  the  first  exposition  of  the  idea  behind  Bloom 
threshold  schemes  and  p/s/r  processes.  They  make  use  of  many  of  the 
ideas  which  arise  in  Reed-Solomon  error  control  codes.  But  we  will  not 
explicitly  pursue  any  resemblances  to  the  latter  structure. 

The  idea  behind  a  k-out-of-n  Bloom  p/s/r  process  is  to  enable  a 
sender  to  use  finite  field  arithmetic  and  linear  algebra  to  smear  k 
channels worth of information into n channels worth of transmission to
a  receiver  R  in  such  a  way  that  all  the  original  information  can  be 
quickly  reclaimed  from  the  outputs  of  any  k  of  the  n  channels,  even 
if  n  -  k  of  them  do  not  carry  any  information  to  the  receiver  (i.e. 
even  if  n  -  k  of  the  n  channels  are  inoperative). 

Bloom's  approach  to  building  a  k-out-of-n  p/s/r  process  makes  use 
of  a  field  F  containing  at  least  n  elements,  and  a  k  dimensional 
vector space V over F. It is easy to verify that there is at least
one collection

B = {B(1), B(2), ..., B(n)} ⊂ V

of n vectors in general position in V (meaning that every k-member
subset of B is a basis of V). Sender S and receiver R agree on
one such B and refer everything to it. Given a list

I = (I(1), I(2), ..., I(k)) ∈ F↑k

of k pieces of information (i.e. k members of the field F) define a
linear functional

L: V → F

with the property that

L(B(j)) = I(j)

for each positive integer j ≤ k. These k pieces of information
provide a complete unique specification of the linear map L since

{B(1), B(2), ..., B(k)}

is a basis of V. But

{B(w(1)), B(w(2)), ..., B(w(k))}

is also a basis of V for any injection (one-to-one function)

w: {1, 2, ..., k} → {1, 2, ..., n}

So you can reconstruct L, and therefore determine the list

I = (I(1), I(2), ..., I(k))

if you know the value of L at any k members

B(w(1)), B(w(2)), ..., B(w(k))

of the set V.

Now  it  is  obvious  how  to  encode  and  decode.  To  encode  the  list  I, 
form  L  and  send  L(B(j))  down  channel  j  for  each  positive  integer 
j ≤ n. To decode (i.e. to recover I from the signals received on any
k of the n channels) form L and then determine

L(B(j)) = I(j)

for each positive integer j ≤ k. This is possible since any
B(w(1)), B(w(2)), ..., B(w(k)) make up a basis for V, and since a
linear map L with domain V is determined by its values on a basis of
V.

1.3  Making  hyperfast  Bloom  p/s/r  processes.  Stages. 


YLYK Ltd. set out to take this simple mathematical structure, the
abstract Bloom p/s/r process, and produce an abstract design of a p/s/r
process which would run very fast on very cheap hardware. In this Phase
1 SBIR effort no attempt was made to produce or design hardware.
Rather, the purpose of the work was to produce an abstract design of a
system capable of operating at megabit per second rates and above. On
the basis of this abstract design the hardware design should be possible
with few or no further abstract considerations.

Roughly  speaking,  the  problems  to  be  overcome  fall  into  4  stages: 

1.  Cold  precomputation.  The  cold  precomputation  must  be  done  before 
the  p/s/r  equipment  is  built.  These  precomputations  will  not  slow 
down  system  operation.  It  would  be  perfectly  acceptable  if  they 
took  months  to  perform.  In  fact  they  can  be  completed  in  a  minute 
except  in  very  large  cases  discussed  below. 

2.  Cool  precomputation.  The  cool  precomputations  take  place  each  time 
sender  S  and  receiver  R  agree  on  the  k  and  the  n  for  a 
session  of  communication  using  a  k-out-of-n  p/s/r  process.  The 
cool  precomputations  will  involve  a  minor  delay,  probably  causing 
no  inconvenience.  This  delay  will  usually  be  less  than  a  second  in 
reasonable  sized  cases  as  noted  below. 

3.  Hot  precomputation.  The  hot  precomputation  takes  place  after  some 
channels  have  gone  down.  The  receiver  determines  which  k 
channels are still operating. This amounts to finding out
which subset B(w(1)), B(w(2)), ..., B(w(k)) of B will be used.
Since  the  communication  session  is  ongoing,  any  delay  here  is 
undesirable.  Either  you  lose  information  on  the  fly  or  you  pay  for 
a  buffer  to  hold  undecoded  material  until  your  decode  goes  on 
stream.  Unfortunately  the  hot  precomputations  can  take  many 
milliseconds.  It  is  doubtful  that  a  significant  further 
improvement  over  the  scheme  YLYK  Ltd.  has  formulated  is  possible 
here. 

4.  Real-time  on-line  encode  or  decode.  The  real-time  on-line  encode 
or  decode  stage  should  be  able  to  keep  up  with  high  bit  rate 
inputs. In an "impedance matched" situation the computer clock
should  tick  at  least  once  per  arriving  bit.  For  example,  consider 
a  5-out-of-9  p/s/r  process.  Suppose  that  each  of  the  5  operative 
channels  carries  a  signal  at  10  megabits  per  second  and  that  the 
"matched  computer  clocks"  in  the  decoding  system  therefore  push  the 
computer  to  perform  10  similar  logical  operations  (such  as  XOR, 
i.e. exclusive or, of 4-bit words) per microsecond. It would be
desirable  to  produce  decoded  output  on  all  5  decoded  plaintext 
channels  at  a  rate  of  10  megabits  per  second.  It  appears  possible 
to  achieve  such  throughput  rates,  but  with  a  certain  short  lag 
time.  For  example,  the  10  megabit  per  second  decoded  output  might 
lag  the  received  bit  stream  by  2  microseconds.  In  other  words  the 
decoded bit streams proceed at the same rate as the received
encoded  bit  streams.  But  the  decoded  streams  lag  the  received 
encoded  streams  by  a  phase  lag  of  20  clock  ticks,  i.e.  by  20  bits. 

We  must  deal  with  each  of  these  four  computational  stages 
separately.  The  first,  the  cold  precomputation  stage,  is  completely 
noncritical. Neither time nor memory is important as long as the needed
output  can  be  produced  within  months  and  does  not  consist  of  too  many 
computer  words.  The  second  stage,  the  cool  precomputation,  is  not  very 
critical.  Presumably  it  occurs  in  tranquil  conditions  while  the  sender 
S  and  the  receiver  R  are  agreeing  on  a  k-out-of-n  scheme.  Days  could 
elapse between the choice of k and n, and the time transmission
starts.  And  almost  always  seconds  will  elapse.  It  is  therefore 
unlikely  that  the  procedure  described  below  for  cool  precomputation  will 
delay  timely  receipt  of  transmitted  messages.  Stage  3,  the  hot 
precompute,  is  usually  the  most  critical.  If  it  should  take  a  second  or 
more,  one  must  decide  whether  to  lose  a  lot  of  bits  or  spend  money  on 
buffers.  Stage  3,  therefore,  requires  extremely  close  attention.  Stage 
4,  the  real-time  on-line  decode,  is  crucial  but  not  troublesome.  There 
are  ways  to  carry  Stage  4  out  at  very  high  bit  rates,  given  adequate 
hardware.  There  is  a  "phase  lag"  i.e.  a  lag  of  several  bits  between 
received  input  signal  and  decoded  final  signal.  This  lag  can  be  reduced 
to  a  few  microseconds  in  existing  TTL  logic.  But  reducing  it  to  zero  is 
an  impossibility. 


1.4.  Making  hyperfast  Bloom  p/s/r  processes.  Extreme  cases  of 
parameter  settings. 

So  much  for  the  four  stages  of  computation.  We  turn  now  to 
parameter  settings.  How  sensitive  is  a  k-out-of-n  p/s/r  process  to  k 
and  to  n? 
First let us dispense with the four extreme cases. These are the
two  trivial  cases  k  =  0  or  k  =  n  and  the  two  easy  but  not  completely 
trivial cases k = 1 or k = n-1. A 0-out-of-n p/s/r process is
silly.  No  information  sent  on  n  channels  produces  no  information 
received.  No  p/s/r  coding  is  required.  The  n-out-of-n  case  is  far 
from  silly.  It  is  the  present  state  of  affairs.  Send  a  different 
message  on  each  of  n  channels  and  hope  they  all  get  through.  No  p/s/r 
coding is required. The 1-out-of-n case is also easy to deal with
without  p/s/r  coding.  Send  the  same  message  on  all  channels  and  hope 
that  at  least  one  channel  remains  operative. 

The (n-1)-out-of-n case is more interesting. It will also be
important in some applications. Synchronize the channels. To p/s/r
encode the information let the first n-1 channels transmit their
messages unaltered. But at each time t, add (modulo 2) the bits on
the first n-1 channels and send this sum (it, too, will be a bit) on
the nth channel. To decode when one of the first n-1 channels, say
the jth, fails you do as follows. If i ∈ {1, 2, ..., n}\{j} the
decode transformation is the identity. The channel is carrying its
message unaltered. But if i = j, just form the sum of the bits on
channels 1, 2, ..., j-1, j+1, ..., n. This will be what the jth channel
would  have  carried  if  it  were  still  operative.  Note  that  the  cold 
precomputation,  cool  precomputation  and  hot  precomputation  are 
nonexistent.  The  on  line  computation  acts  on  a  single  bit  from  each 
channel.  And,  if  implemented  by  fast  hardware  as  indicated  in  Figure 
1.4.1  below  in  the  7-out-of-8  case,  the  output  bit  rate  is  the  same  as 
the input bit rate, but with a lag of 3 = log(8) bits (All logarithms
in  this  report  are  the  information  theorist's  logarithm  to  base  2). 

For  the  first  time  we  note  a  point  which  will  be  addressed  more 
fully  below.  Encoding  is  a  do-nothing  operation  on  all  plaintext 
channels  (i.e.  the  first  n-1  =  7  channels),  and  all  plaintext  channels 
remain  synchronized.  Encoding  is  a  do-something  operation  on  the 
8th  =  nth  channel.  To  keep  all  eight  channels  synchronized,  the 
receiver must do something to every channel. In the 7-out-of-8 case
this means 3 successive stages of adding 0 to what comes over every
one of the first n-1 = 7 channels. A similar statement holds
regarding  the  decode  process. 


Figure  1.4.1 


The  7-out-of-8  p/s/r  decode  when  channel  4  is  inoperative.  Assuming 
the  modulo  2  adders  (XOR)  can  operate  as  fast  as  bits  are  received  the 
output  bit  stream  will  have  the  same  speed  as  the  input  bit  streams  but 
will  lag  them  by  3  bit  positions.  NOP  means  no  operation.  +  stands 
for  modulo  2  addition.  Information  flows  downward. 


Figure  1.4.2 


A variant of Figure 1.4.1. The receiver sends zeros into the decode
input  corresponding  to  the  missing  channel  4.  Information  flows 
downward. 


In  each  of  the  four  extreme  cases  described  in  this  subsection,  the 
decode  process  could  content  itself  with  treating  one  bit  at  a  time  from 
each  of  the  received  channels.  This  is  independent  of  n.  Thus  a  very 
cheap  programmable  logic  array  (PLA)  implementation  of  a  hyperfast  Bloom 
(n-1)-out-of-n p/s/r process is possible for very large n. The lag
time  would  be  about  log(n). 
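An added example, not taken from the report: a Python simulation of the (n-1)-out-of-n scheme of this subsection, with the clocked tree of XOR adders described for Figures 1.4.1 and 1.4.2. It runs the 7-out-of-8 case with channel 4 dead and shows the log(8) = 3 bit lag. The function names and the sample bit streams are constructed for illustration.

```python
def parity_encode(plain):
    """plain: n-1 equal-length bit lists. Returns n lists; channel n carries
    the modulo 2 sum of the first n-1 channels at each time t."""
    parity = [0] * len(plain[0])
    for stream in plain:
        parity = [p ^ b for p, b in zip(parity, stream)]
    return [list(s) for s in plain] + [parity]


def xor_tree(ticks, width):
    """Clocked tree of 2-input XOR adders with one register level per stage.
    ticks: one list of `width` bits per clock tick. Returns one output bit
    per tick; the bit read at tick t is the XOR of the word fed at tick
    t - log2(width), because each level holds its result for one tick."""
    depth = width.bit_length() - 1
    regs = [[0] * (width >> (d + 1)) for d in range(depth)]
    out = []
    for word in ticks:
        out.append(regs[-1][0])                    # read before clocking
        for d in range(depth - 1, -1, -1):         # deepest level first
            src = word if d == 0 else regs[d - 1]
            regs[d] = [src[2 * i] ^ src[2 * i + 1] for i in range(len(regs[d]))]
    return out


def restore(channels, missing):
    """channels: list of n bit lists (n a power of 2); the entry for the
    1-based channel `missing` is ignored. Zeros are fed into the tree in its
    place (the Figure 1.4.2 variant). Returns (recovered bits, lag in bits)."""
    n = len(channels)
    if n < 2 or n & (n - 1):
        raise ValueError("this sketch assumes n is a power of 2")
    depth = n.bit_length() - 1
    length = len(channels[0 if missing != 1 else 1])
    ticks = [[0 if i == missing else channels[i - 1][t] for i in range(1, n + 1)]
             for t in range(length)]
    ticks += [[0] * n] * depth                     # flush the pipeline
    out = xor_tree(ticks, n)
    return out[depth:], depth


# Constructed sample: 7 plaintext channels, 6 bits each.
PLAIN = [
    [1, 0, 1, 1, 0, 0],
    [0, 0, 1, 0, 1, 1],
    [1, 1, 1, 0, 0, 1],
    [0, 1, 0, 0, 1, 1],   # channel 4, the one that will fail
    [1, 1, 0, 1, 0, 0],
    [0, 0, 0, 1, 1, 0],
    [1, 0, 0, 1, 1, 1],
]

if __name__ == "__main__":
    sent = parity_encode(PLAIN)
    received = [s if i != 4 else None for i, s in enumerate(sent, 1)]
    bits, lag = restore(received, 4)
    print("channel 4 recovered:", bits, "lag:", lag, "bits")
```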

1.5  Making  hyperfast  Bloom  p/s/r  processes.  Mean  parameter 
settings. 

Turning  now  from  the  four  extreme  cases  to  all  the  other  cases, 
which  we  shall  call  mean  cases,  we  note  that  the  p/s/r  processes  we  are 
dealing  with  always  satisfy  the  inequalities 

2 ≤ k ≤ n - 2 < n ≤ 65,536.

No  mean  p/s/r  encode  or  decode  can  deal  with  just  one  bit  at  a  time.  In 
fact  one  must  deal  with  "words"  of  length  at  least  log(n)  from  each 
channel.  Recall  that  all  logarithms  are  the  information  theorist's 
logarithm  to  base  2  in  this  report.  As  noted  in  the  YLYK  Ltd.  proposal 
to  Air  Force  for  this  Phase  I  SBIR  proposal,  encode  and  decode  will  be 
done using GF(2↑Q) arithmetic. As noted above, we will deal only with
Q ≤ 16. We have already discussed the extreme (n-1)-out-of-n case.
This  extreme  case  can  be  dealt  with  using  GF(2)  arithmetic.  In 
dealing  with  mean  cases  we  will  usually  make  the  following  assumption: 

Q ∈ {4, 8, 12, 16}.

Thus  we  will  often  deal  just  with  the  arithmetic  of  GF(16),  GF(256), 
and  GF(65,536).  The  reason  for  this  is  that  4,  8  and  16  bit  words  are 
natural  objects  to  manipulate  on  standard  hardware. 

A  case  could  be  made  for  using  only  GF(65,536),  i.e.  for  sticking 
to 16 bit words for standardization, since such an implementation can
"do everything". But this size seems unwieldy at present. It may be
better  to  try  to  get  as  much  mileage  as  possible  out  of  the  GF(256) 
case,  i.e.  to  try  to  get  by  with  at  most  256  transmitted  channels.  We 
will  discuss  some  pros  and  cons  later. 
1.6  Making hyperfast Bloom p/s/r processes. Stage 4. Real-time
on-line  encode  or  decode. 

In  the  mean  cases  of  parameter  settings  one  thing  that  does  not 
change  with  parameter  setting  is  the  nature  of  the  real-time  on-line 
encode  or  decode  in  a  superfast  Bloom  k-out-of-n  p/s/r  process.  It  is 
matrix  multiplication.  Encode  is  so  like  decode  that  we  will 
concentrate  on  the  latter  in  this  section. 

To each k-element subset

B* = {B(w(1)), B(w(2)), ..., B(w(k))}

of

B = {B(1), B(2), ..., B(n)}

there corresponds a k by k matrix DEC[B*] such that

B(i) = Σ DEC[B*](i,j) B(w(j))

for every positive integer i ≤ k. The sum is over all positive
integers j ≤ k. As long as a given collection

{w(1), w(2), ..., w(k)}

of channels is operative this square matrix DEC[B*] is unchanging. So
the block diagram for decoding the ith channel is contained in Figure
1.6.1 below. For illustrative purposes Figure 1.6.1 describes a
7-out-of-25 Bloom p/s/r process in which the receiver knows that
channels 1, 2, 5, 7, 10, 12 and 19 are operative. Since 25 ≤ 32 = 2↑5
we can use 5-bit words, i.e. GF(32) arithmetic. So the 7 inputs to
the decoder at time t are WORD1 on channel 1, WORD2 on channel 2,
WORD5 on channel 5, ..., WORD19 on channel 19. Here of course

w(7) = 19


Figure 1.6.1


7-out-of-25 Bloom p/s/r. Encode is similar. Information flows
downward. NOP = no operation.


On  the  face  of  things  it  would  appear  that  one  would  have  to  use  5 
cycles to fill in the (variable) 5-bit multiplicand WORD w(j) into the
box which multiplies by the (fixed) 5-bit multiplier DEC[B*](i,j),
then  take  more  than  5  additional  cycles  to  perform  the  GF(32) 
multiplication,  then  3  more  cycles  to  move  through  the  adders  (the  add 
operation  is  XOR).  This  would  involve  an  output  stream  slower  than  the 
one  bit  per  cycle  input  stream.  This,  however,  is  not  the  case.  We 
will  show  below  how  to  produce  a  one  bit  per  cycle  output  stream,  using 
appropriate  hardware.  Of  course  the  output  will  lag  the  input  in 
phase.  In  the  case  above  the  lag  will  be  about  18  cycles. 

Again  we  note  the  need  to  keep  parallel  channels  synchronized. 

This means that even the plaintext channels will be "encoded" (or
"decoded").  This  will  be  done  by  multiplying  by  1,  then  adding  0, 
then  adding  another  0,  and  so  on  for  the  proper  number  of  steps. 
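An added example, not the report's Appendix H and I programs: the encode of Section 1.2 and the DEC[B*] decode of this section, carried out in Python for the 7-out-of-25 case above (channels 1, 2, 5, 7, 10, 12 and 19 operative) over GF(32). It assumes the report's degree 4 and degree 5 standard polynomials from Section 2.1 and takes the vectors B(j) as Vandermonde rows at the points 0, 1, 2, 2↑2, ...; all function names and the sample words are constructed for illustration.

```python
from itertools import combinations


class GF:
    """GF(2^bits) as POL/(p(x)); an element is an int whose bits are coefficients."""

    def __init__(self, bits, poly):
        self.q, self.poly = 1 << bits, poly

    def mul(self, a, b):
        r = 0
        while b:
            if b & 1:
                r ^= a              # field addition is XOR
            b >>= 1
            a <<= 1
            if a & self.q:          # degree overflow: reduce modulo p(x)
                a ^= self.poly
        return r

    def pow(self, a, e):
        r = 1
        for _ in range(e):
            r = self.mul(r, a)
        return r

    def inv(self, a):
        if a == 0:
            raise ZeroDivisionError("0 has no inverse")
        return self.pow(a, self.q - 2)   # a^(q-1) = 1 for every nonzero a


GF16 = GF(4, 0b10011)     # x^4 + x + 1
GF32 = GF(5, 0b100101)    # x^5 + x^2 + 1


def vectors(f, n, k):
    """n vectors in general position in F^k: rows (1, a, a^2, ..., a^(k-1))
    at the n distinct points a = 0, 1, 2, 2^2, ... (assumed choice of B)."""
    if not 1 <= k <= n <= f.q:
        raise ValueError("need 1 <= k <= n <= field size")
    points = [0] + [f.pow(2, e) for e in range(n - 1)]
    return [[f.pow(a, c) for c in range(k)] for a in points]


def mat_mul(f, x, y):
    out = []
    for row in x:
        acc = [0] * len(y[0])
        for coef, yrow in zip(row, y):
            acc = [s ^ f.mul(coef, v) for s, v in zip(acc, yrow)]
        out.append(acc)
    return out


def mat_inv(f, m):
    """Gauss-Jordan inverse over the field; m must be nonsingular."""
    k = len(m)
    a = [row[:] + [int(i == j) for j in range(k)] for i, row in enumerate(m)]
    for c in range(k):
        p = next(r for r in range(c, k) if a[r][c])
        a[c], a[p] = a[p], a[c]
        scale = f.inv(a[c][c])
        a[c] = [f.mul(scale, v) for v in a[c]]
        for r in range(k):
            if r != c and a[r][c]:
                factor = a[r][c]
                a[r] = [v ^ f.mul(factor, w) for v, w in zip(a[r], a[c])]
    return [row[k:] for row in a]


def express(f, B, targets, sources):
    """Matrix C with B(targets[i]) = sum over j of C[i][j] * B(sources[j])."""
    return mat_mul(f, [B[t] for t in targets], mat_inv(f, [B[s] for s in sources]))


def apply_matrix(f, mat, words):
    return [r[0] for r in mat_mul(f, mat, [[w] for w in words])]


def encode(f, B, k, info):
    """Channel j carries L(B(j)), where L(B(i)) = info[i] for the first k i."""
    return apply_matrix(f, express(f, B, range(len(B)), range(k)), info)


def decode(f, B, k, alive, received):
    """alive: 0-based indices of k operative channels; received: their words."""
    dec = express(f, B, range(k), alive)      # this is DEC[B*]
    return apply_matrix(f, dec, received)


def demo_7_of_25():
    f, n, k = GF32, 25, 7
    B = vectors(f, n, k)
    info = [3, 17, 0, 31, 8, 22, 5]           # constructed 5-bit words
    sent = encode(f, B, k, info)
    alive = [c - 1 for c in (1, 2, 5, 7, 10, 12, 19)]
    return info, sent, decode(f, B, k, alive, [sent[c] for c in alive])


def survives_any_loss(f, n, k, info):
    """True if every choice of k operative channels recovers info."""
    B = vectors(f, n, k)
    sent = encode(f, B, k, info)
    return all(decode(f, B, k, w, [sent[c] for c in w]) == info
               for w in combinations(range(n), k))


if __name__ == "__main__":
    info, sent, recovered = demo_7_of_25()
    print("sent on 25 channels:", sent)
    print("recovered:", recovered, "ok:", recovered == info)
```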

1.7  Making hyperfast Bloom p/s/r processes. Stage 3.
Hot precomputation.

Recall  that  we  are  considering  the  mean  cases  of  parameter 
settings.  Turning  now  from  Stage  4,  real-time  on-line  decode,  to 
Stage  3,  hot  precomputation,  we  come  to  an  important  problem.  You  want 
to  shorten  the  hot  precomputation  because  you  must  store  or  lose 
received  bits  while  it  takes  place.  It  turns  out  that  the  hot 
precomputation  should  be  done  somewhat  differently  for  different 
parameter  settings  in  the  mean  cases  of  parameter  settings. 

In  Section  2.5  below  we  take  up  this  matter  in  more  detail.  If  k 
or  n-k  is  small,  the  hot  precomputation  proceeds  quickly. 

In summary, the only rub anywhere in the system occurs in the hot
precomputation.  And  it  is  worst  when  k  is  close  to  n/2.  In  many 
applications,  such  as  digital  voice,  where  loss  of  one  second's  worth  of 
transmission  is  tolerable,  the  rub  can  be  ignored.  In  other 
applications,  its  presence  may  necessitate  enough  buffer  memory  to  store 
several seconds' worth of received material.


Of  course  there  is  inevitably  one  other  place  where  simple  common 
sense  dictates  that  expense  is  inevitable,  not  for  memory  to  store 
signals  but  for  memory  and  processing  capability  to  do  computations.  In 
16  bit  applications  in  which  40,000  <  k  <  n  there  are  a  lot  of  received 
channels  and  some  very  big  (40,000  by  40,000)  matrices  to  build.  It  is 
important  to  keep  in  mind  the  admonition  that  most  systems  with  more 
than  256  channels  are  impractical.  We  return  to  this  matter  below. 

1.8.  Interfacing  error  control  devices  and  cryptographic  devices 
with  p/s/r  processes 

p/s/r  processes  work  best  on  channels  which  are  virtually 
error-free  while  operative  (like  some  optical  fibers),  but  which  can  be 
rendered  inoperative  for  long  periods  (e.g.  by  breaking  the  fibers).  If 
the  operative  channels  are  also  subject  to  intermittent  errors  then  one 
should  combine  ordinary  error  control  with  p/s/r  processes  in  the  manner 
shown  in  Figure  1.8.1.  First  p/s/r  encode,  then  error  control  encode, 
then  transmit,  then  receive,  then  error  control  decode,  then  p/s/r 
decode.  Doing  an  error  control  encode  before  the  p/s/r  encode  would  be 
silly.  We  will  not  belabor  this  point  further. 

Cryptographic encode should probably be placed before p/s/r encode
and cryptographic decode after p/s/r decode, as in Figure 1.8.2. But
this is a matter which will no doubt be determined by an appropriate
branch of DOD, and we will therefore not treat it further.

Figure  1.8.3  shows  the  concatenation  scheme  for  all  three 
processes.  All  figures  are  to  be  understood  as  showing  information 
flowing  downward. 
2.  Detailed Narrative

2.1.  Finite  field  arithmetic.  Octal  notation  for  polynomials  and 
residue  classes  of  polynomials. 

It  is  no  longer  possible  or  desirable  to  avoid  technicalities.  We 
first  make  explicit  the  finite  field  arithmetic  behind  the  Bloom  p/s/r 
processes. GF(2) = Z/2Z is the field with two elements. Its
arithmetic  (i.e.  its  add,  +,  subtract,  -,  multiply,  *,  and  divide,  /)  is 
summarized  in  the  tables 


  +  |  0  1          -  |  0  1
 ----+-------        ----+-------
  0  |  0  1          0  |  0  1
  1  |  1  0          1  |  1  0

  *  |  0  1          /  |  0          1
 ----+-------        ----+---------------
  0  |  0  0          0  |  undefined  0
  1  |  0  1          1  |  undefined  1


Thus x + y = x - y for every x, y ∈ GF(2), the only nonzero product
is 1 * 1 = 1, and division by zero is impossible (undefined). You can
put these things another way. +, - and * are modulo 2 operations,
and you cannot divide by zero. Alternatively, + and - are XOR of
bits (exclusive or), * is AND of bits, and you cannot divide by zero.

Let  p(x)  be  a  polynomial  over  GF(2)  which  is  irreducible 
(unfactorable)  over  GF(2).  Examples  of  polynomials  over  GF(2)  which 
are  irreducible  over  GF(2)  are: 


x + 1
x↑2 + x + 1
x↑3 + x + 1
x↑4 + x + 1
x↑5 + x↑2 + 1
x↑6 + x + 1
x↑7 + x↑3 + 1
x↑8 + x↑4 + x↑3 + x↑2 + 1
x↑12 + x↑6 + x↑4 + x + 1
x↑16 + x↑12 + x↑3 + x + 1
Examples of polynomials over GF(2) which are reducible over GF(2)
(i.e. polynomials which can be factored) are:


x↑2 + x = x * (x + 1)

x↑2 + 1 = (x + 1) * (x + 1)

x↑4 + x↑2 + 1 = (x↑2 + x + 1) * (x↑2 + x + 1)

x↑4 + x↑2 + x + 1 = (x + 1) * (x↑3 + x↑2 + 1)


Let n be a positive integer. The field GF(2↑n) is defined as
follows. Let p(x) be an nth degree (monic) polynomial over GF(2)
which is irreducible over GF(2). Let (p(x)) be the principal ideal
generated by p(x) in the ring POL of polynomials over GF(2). Then
GF(2↑n) is the quotient

GF(2↑n) = POL/(p(x))

of the ring POL modulo the principal ideal generated by p(x). For
example if p(x) = x↑3 + x + 1 then the version of GF(8) = GF(2↑3)
gotten by setting

GF(8) = POL/(p(x)) = POL/(x↑3 + x + 1)

consists of 8 residue classes modulo p(x) = x↑3 + x + 1, namely

0̲ = <0,0,0> = CLASS (0) = {0, x↑3 + x + 1, ...}

1̲ = <0,0,1> = CLASS (1) = {1, x↑3 + x, ...}

2̲ = <0,1,0> = CLASS (x) = {x, x↑3 + 1, ...}

3̲ = <0,1,1> = CLASS (x+1) = {x+1, x↑3, ...}

4̲ = <1,0,0> = CLASS (x↑2) = {x↑2, x↑3 + x↑2 + x + 1, ...}

5̲ = <1,0,1> = CLASS (x↑2 + 1) = {x↑2 + 1, x↑3 + x, ...}

6̲ = <1,1,0> = CLASS (x↑2 + x) = {x↑2 + x, x↑3 + x↑2 + 1, ...}

7̲ = <1,1,1> = CLASS (x↑2 + x + 1) = {x↑2 + x + 1, x↑3, ...}


It is too tedious to use a notation such as

CLASS (x↑2 + x)

or

<1,0,1>

or

{x↑2 + x, x↑3 + x↑2 + 1, x↑4, ...}

for a member of GF(8). Therefore we adopt the octal notation used in
the MIT Press book of Peterson and Weldon on error correcting codes. An
arabic numeral with neither overbar nor underbar is a whole number.
Thus

7 = VII = seven,

the number of days in the week. An arabic numeral with an overbar is a
polynomial over GF(2). Thus

7̅ = <1,1,1> = x↑2 + x + 1.

And an arabic numeral with an underbar is a residue class (modulo some
agreed upon irreducible polynomial p(x)) to which a polynomial q(x)
belongs. Thus if p(x) = x↑3 + x + 1 is agreed upon in advance then

7̲ = {x↑2 + x + 1, x↑3 + x↑2, x↑4 + 1, x↑5 + x↑3 + x + 1, ...}

  = {7̅, 1̅4̅, 2̅1̅, 5̅3̅, ...}

  = CLASS (7̅) mod (1̅3̅)

is the residue class modulo x↑3 + x + 1 whose lowest degree member is
7̅ = x↑2 + x + 1.

We  now  agree  on  polynomials  over  GF(2)  of  degrees  2,  3,  4,  5,  6, 
7,  8,  12  and  16.  Each  of  them  is  irreducible  over  GF(2).  In  fact, 
each  of  them  is  a  primitive  irreducible  polynomial  over  GF(2).  There 
is  no  need  to  describe  the  notion  of  primitive  here.  Suffice  it  to  say 
that it is a convenience, and is explained in Peterson and Weldon.

There  are  nine  standard  polynomials  to  be  understood  everywhere 
below.  They  are  the  polynomials  on  which  our  version  of  GF(4),  GF(8), 
GF(16), GF(32), GF(64), GF(128), GF(256), GF(4,096) and GF(65,536) are
based.  It  is,  of  course,  well  known  that  there  is  (up  to  isomorphism) 
only  one  Galois  field  of  any  given  size. 

The  nine  standard  polynomials  are 


7̅ = x↑2 + x + 1
1̅3̅ = x↑3 + x + 1
2̅3̅ = x↑4 + x + 1
4̅5̅ = x↑5 + x↑2 + 1
1̅0̅3̅ = x↑6 + x + 1
2̅1̅1̅ = x↑7 + x↑3 + 1
4̅3̅5̅ = x↑8 + x↑4 + x↑3 + x↑2 + 1
1̅0̅1̅2̅3̅ = x↑12 + x↑6 + x↑4 + x + 1
2̅1̅0̅0̅1̅3̅ = x↑16 + x↑12 + x↑3 + x + 1

Members of GF(2↑4) = GF(16) can thus be represented as 4-bit words,
i.e. "numbers" expressible by two (underbarred) octal arabic numerals,
neither of which is 8 or 9. Members of GF(2↑8) = GF(256) "are" 8
bit words, i.e. "numbers" expressible by three (underbarred) octal
arabic numerals (8 and 9 will not be used). For GF(2↑12) = GF(4,096)
we use 12 bit words, i.e. foursomes of underbarred arabic octal numerals
(no 8 or 9 allowed). For GF(2↑16) = GF(65,536) we use 16 bit words,
underbarred 6 "digit" arabic numerals (with no occurrence of 8 or 9).

To  exemplify  the  arithmetic  of  GF(2+n)  we  will  give  tables  for: 


GF(4) as POL/(x↑2 + x + 1) = POL/(7̅)

GF(8) as POL/(x↑3 + x + 1) = POL/(1̅3̅)

GF(16) as POL/(x↑4 + x + 1) = POL/(2̅3̅)


They  are  contained  in  Appendix  B. 


2.2  The  linear  algebra  of  Bloom  p/s/r  processes. 


As noted above, the extreme parameter setting cases

(k,n) = (1,n)
(k,n) = (n,n)

require no coding. The extreme parameter setting case

(k,n) = (n-1,n)

can be very simply coded and decoded using only GF(2), and without
cold, cool or hot precomputation. Thus we will consider the mean
parameter setting cases, i.e. the cases involving (k,n) such that

2 ≤ k ≤ n-2 ≤ n ≤ 2^b = Q ≤ 65,536


Here b is a parameter describing the size of (i.e. number of bits in)
the computer word to be used in practical implementations. Its place in
the scheme of things will be obvious below.

Let us begin with the 2^b by 2^b (i.e. Q by Q) Vandermonde matrix with
entries in GF(2^b) = GF(Q). This square matrix VAN is of the form

        1  0        0         0         . . .  0             0
        1  1        1         1         . . .  1             1
        1  2        2^2       2^3       . . .  2^(b-2)       2^(b-1)
        1  2^2      2^4       2^6       . . .  2^2(b-2)      2^2(b-1)
VAN =   .  .        .         .                .             .
        1  2^(b-3)  2^2(b-3)  2^3(b-3)  . . .  2^(b-3)(b-2)  2^(b-3)(b-1)
        1  2^(b-2)  2^2(b-2)  2^3(b-2)  . . .  2^(b-2)(b-2)  2^(b-2)(b-1)


Note that the bases are (underbarred) members of GF(Q) and the
exponents are (unbarred) integers. It is a fact that 2 is a primitive
element in GF(2^b) if GF(2^b) is realized as POL/(p(x)) where
p(x) is a primitive polynomial. We will always use fields of this
form. Examples of Vandermonde matrices are


        1 0 0 0
        1 1 1 1
VAN =   1 2 3 1
        1 3 2 1

in GF(4) = POL/(x^2 + x + 1) = POL/(7), and


        1 0 0 0 0 0 0 0
        1 1 1 1 1 1 1 1
        1 2 4 3 6 7 5 1
VAN =   1 4 6 5 2 3 7 1
        1 3 5 4 7 2 6 1
        1 6 2 7 4 5 3 1
        1 7 3 2 5 6 4 1
        1 5 7 6 3 4 2 1

in GF(8) = POL/(x^3 + x + 1) = POL/(13). See Appendix C for examples of
Vandermonde matrices, for various fields.

Now  let  LEF[k]  be  a  special  Q  by  k  submatrix  of  VAN.  It 
consists  of  the  first  k  columns  of  VAN.  In  our  GF(8)  example 


It is a well known property of Vandermonde matrices that every k
by k submatrix of LEF[k] is nonsingular whenever k satisfies the
inequalities

2 ≤ k ≤ Q = 2^b.

Thus the rows of LEF[k] can be regarded as a collection of 2^b = Q
vectors in general position in a k dimensional vector space V over
GF(2^b) = GF(Q). But recall that 2 ≤ k ≤ n-2 ≤ n ≤ Q. This means that
we have the wherewithal to build a Bloom k-out-of-n p/s/r process.
Consider any list w(1), w(2), ..., w(k) of distinct row indices of
LEF[k], i.e. any injection

w: {1, 2, ..., k} → {1, 2, ..., Q}.

There is obviously a Q by k (coding) matrix COD_w corresponding to
this w such that

ROW[i] = Σ COD_w(i,j) ROW[w(j)]

for every positive integer i ≤ Q. In particular

ROW[i] = Σ COD_e(i,j) ROW[e(j)]

       = Σ COD_e(i,j) ROW[j]

when e is the identity injection. All three sums above are over
positive integer j ≤ k.

The Bloom k-out-of-n p/s/r process now works as follows. Let
I(1), I(2), ..., I(k) be the b-bit plaintext words the sender S has
on source channels 1, 2, ..., k at time t. The sender encodes them
to form b-bit words H(1), H(2), ..., H(n) for sending along broadcast
channels 1, 2, ..., n as follows

H(i) = Σ COD_e(i,j) I(j)

for positive integer i ≤ n, where the sum is over positive integer
j ≤ k. When the receiver R ascertains that channels
w(1), w(2), ..., w(k) are operative, he decodes by finding

I(i) = Σ COD_w(i,j) H(w(j))

for positive integer i ≤ k, where the sum is over positive integer
j ≤ k.

Before  looking  at  implementation  in  the  four  stages  we  make  a  few 
comments.  First,  encoding  is  a  process  which  depends  only  on  k  and 
Q,  not  on  n  (except  in  the  trivial  sense  that  you  don't  bother  to 
encode any messages H(i) for channels n+1, n+2, ..., Q) and not on
which  channels  are  operative  and  which  are  inoperative.  After  all,  the 
sender  is  not  likely  to  know  which  channels  are  operative. 

Mathematically  speaking,  encoding  makes  use  only  of  the  (fixed)  identity 
injection e.

Decoding, on the other hand, makes use of the (variable) injection
w which embodies information known only to the receiver, namely which
channels w(1), w(2), ..., w(k) are operative. So decoding depends on
k, w and Q. Consequently decoding depends implicitly on n, since
1 ≤ w(i) ≤ n for every positive integer i ≤ k.

If  either  sender  S  or  receiver  R  can  profit  by  taking  n  into 
account in a more explicit fashion in their calculations, they are
free  to  do  so.  But  they  don't  have  to.  We  will  show  below  how  to  take 
advantage  of  a  knowledge  of  n. 

Comparing  this  description  with  the  YLYK  Ltd.  proposal,  the  reader 
will  note  our  assumption  that 

n ≤ 2^b = Q.

That proposal held forth the possibility of the inequality

n ≤ Q + 2

in  many  cases. 

We  abandoned  this  tack,  fine  tuning  the  field  size,  for  four 
reasons : 

1.  It  shortens  word  size  by  only  one  or  two  bits  where  it  is  possible; 

2.  It  complicates  coding  and  decoding  where  it  is  possible; 

3.  It  is  a  very  difficult  problem  to  determine  all  the  cases  in  which 
it  is  possible.  See  the  MacWilliams  and  Sloane  book  on  error 
correcting  codes  for  more  on  this; 

4.  We  now  know  how  to  achieve  the  desired  goal  of  attaining  hyperfast 
Bloom  p/s/r  processes  without  fine  tuning  the  field  size.  The 
hyperfast  real-time  on-line  decode  is  attained  in  a  different  way, 
by  use  of  systolic  multipliers,  as  we  shall  see  below.  Moreover, 
fine  tuning  field  size  is  of  no  appreciable  utility  in  attacking 
the  other  crucial  problem,  shortening  the  duration  of  Stage  3,  the 
hot  precomputation. 

2.3.  The  first  stage  of  computation  in  the  mean  cases  of  the  Bloom 
p/s/r  process,  the  manufacturer's  cold  precomputation 

Recall  that  we  have  a  field 

GF(2^b) = GF(Q)

and that

2 ≤ k ≤ n-2 ≤ n ≤ 2^b = Q.

The entire problem of encoding and decoding in a k-out-of-n Bloom
p/s/r process amounts to this. For each injection

w: {1, 2, ..., k} → {1, 2, ..., n}

(including the identity injection w = e) find the k by k matrix

ROW[i] = Σ COD_w(i,j) ROW[w(j)]

where the sum is over positive integer j ≤ k, and where ROW[i] is
the ith row of the Q by k matrix LEF[k]. Recall that LEF[k]
consists of the first k columns of the Q by Q Vandermonde matrix
VAN over GF(Q). Once COD_e is found, form

H(i) = Σ COD_e(i,j) I(j)

(where the sum is over every positive integer j ≤ k) for every
positive integer i ≤ n to encode. Once w is chosen and COD_w is
found, form

I(i) = Σ COD_w(i,j) H(w(j))

(where the sum is over every positive integer j ≤ k) for every
positive integer i ≤ k to decode.

Obviously it is desirable to carry out computations as early as
possible. We have agreed to send the k plaintext messages
I(1), I(2), ..., I(k) (i.e. members of GF(2^b) = GF(Q), i.e. b-bit
words) down channels 1, 2, ..., k respectively. These words are
unaltered. They are transmitted as is.

H(1) = I(1)

H(2) = I(2)

H(k) = I(k)

What we need is the encoding for channels k+1, k+2, ..., n. In other
words we need to express rows k+1, k+2, ..., k+n of LEF[k] in terms
of rows 1, 2, ..., k. To say we need dependences is to say we need
vanishing linear combinations of the rows of LEF[k]. We need,
therefore, a basis for the left kernel of LEF[k]. (The left kernel of a
Q by k matrix L is the set of all length Q row vectors r such
that rL is the length k row vector with all zero entries.) Let us
take GF(8) as an example.

has rank 7. Therefore its kernel has dimension 1 and a calculation
shows that it is spanned by the row vector

LEF[6]


This matrix ENF is a Q-2 by Q matrix with 1 in the (j, Q-j+1)th
entry and with 0 entries everywhere below these "antidiagonal" 1s.

In fact the matrix product ENF * VAN is a Q-2 by Q matrix with zeros
above the "antidiagonal". Given any Q by Q Vandermonde matrix for
GF(Q) it is elementary linear algebra to find the Q-2 by Q matrix
ENF such that:

1. For each positive integer j ≤ Q-2 the top j rows of ENF form
a basis for the left kernel of LEF[Q-j]

2. The antidiagonal entries (i.e. ENF(j, Q-j+1) for every positive
integer j ≤ Q-2) are 1

3. The entries below the antidiagonal are 0.

This is the substance of the manufacturer's cold precomputation,
Stage 1. A computer program incorporating this precomputation is
contained  in  Appendix  H.  It  could  take  months  on  an  IBM  370  and  still 
be  perfectly  satisfactory,  since  it  will  be  done  just  once  before  the 
devices  are  fabricated.  In  fact  the  GF(16)  computation  takes  seconds 
on  an  IBM  PC.  The  GF(16)  ENF  is  a  14  by  16  matrix  whose  entries  are 
4-bit  words.  See  Appendix  D  for  examples  of  ENF  matrices  for  various 
fields. 
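
The following Python sketch is an added example, not the PASCAL programs of Appendices H and I: it builds VAN over the report's small fields, encodes and decodes as in Section 2.2 with COD_e and COD_w, and computes an ENF with the three properties listed above. The function names are assumptions of the example, and every dependence is found by plain Gauss-Jordan elimination rather than by the report's shortcuts.

```python
from itertools import combinations

# The report's standard polynomials 7, 13, 23 (octal) for GF(4), GF(8), GF(16).
POLY = {2: 0o7, 3: 0o13, 4: 0o23}

def gf_mul(a, b, bits):
    """Product in GF(2^bits) = POL/(POLY[bits]); field addition is XOR."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a >> bits:              # degree reached `bits`: reduce mod p(x)
            a ^= POLY[bits]
        b >>= 1
    return r

def gf_pow(a, e, bits):
    """a^e by repeated multiplication (a^0 = 1, also for a = 0)."""
    r = 1
    for _ in range(e):
        r = gf_mul(r, a, bits)
    return r

def van(bits):
    """Q by Q matrix VAN; its rows belong to 0, 1, 2, 2^2, ..., 2^(Q-2)."""
    q = 1 << bits
    elems = [0] + [gf_pow(2, i, bits) for i in range(q - 1)]
    return [[gf_pow(x, j, bits) for j in range(q)] for x in elems]

def combo(basis, target, bits):
    """Coefficients c with sum_j c[j]*basis[j] == target, by Gauss-Jordan
    elimination; basis is a list of k independent rows of length k."""
    k = len(basis)
    m = [[basis[j][i] for j in range(k)] + [target[i]] for i in range(k)]
    for col in range(k):
        piv = next(r for r in range(col, k) if m[r][col])
        m[col], m[piv] = m[piv], m[col]
        inv = gf_pow(m[col][col], (1 << bits) - 2, bits)   # reciprocal
        m[col] = [gf_mul(inv, v, bits) for v in m[col]]
        for r in range(k):
            if r != col and m[r][col]:
                f = m[r][col]
                m[r] = [v ^ gf_mul(f, p, bits) for v, p in zip(m[r], m[col])]
    return [row[k] for row in m]

def cod(w, k, bits):
    """COD_w: row i writes ROW[i] of LEF[k] in terms of ROW[w(1)..w(k)]."""
    lef = [row[:k] for row in van(bits)]
    basis = [lef[c - 1] for c in w]        # channels are numbered from 1
    return [combo(basis, row, bits) for row in lef]

def dot(coeffs, words, bits):
    """Sum of coeffs[j]*words[j] in the field."""
    acc = 0
    for c, x in zip(coeffs, words):
        acc ^= gf_mul(c, x, bits)
    return acc

def encode(plain, n, bits):
    """H(1..n) from I(1..k), using the identity injection e."""
    k = len(plain)
    cod_e = cod(range(1, k + 1), k, bits)
    return [dot(cod_e[i], plain, bits) for i in range(n)]

def decode(received, w, bits):
    """I(1..k) from the words heard on the k operative channels listed in w."""
    k = len(w)
    cod_w = cod(w, k, bits)
    heard = [received[c] for c in w]
    return [dot(row, heard, bits) for row in cod_w[:k]]

def enf(bits):
    """Encode normal form. Row j has 1 in column Q-j+1 and 0 after it, and
    is a left-kernel vector of LEF[Q-j]: minus is plus in GF(2^b), so the
    dependence ROW[m+1] = sum c[i]*ROW[i] becomes the row c, 1, 0, ..., 0."""
    q = 1 << bits
    v = van(bits)
    out = []
    for j in range(1, q - 1):
        m = q - j
        basis = [row[:m] for row in v[:m]]
        out.append(combo(basis, v[m][:m], bits) + [1] + [0] * (j - 1))
    return out

def survives_any_failure(plain, n, bits):
    """True if every choice of k operative channels out of n restores plain."""
    k, sent = len(plain), encode(plain, n, bits)
    return all(decode({c: sent[c - 1] for c in w}, w, bits) == plain
               for w in combinations(range(1, n + 1), k))

if __name__ == "__main__":
    words = [5, 1, 6]                      # constructed 3-bit plaintext words
    print("sent on 7 channels:", encode(words, 7, 3))
    print("3-out-of-7 over GF(8):", survives_any_failure(words, 7, 3))
    print("top row of ENF for GF(8):", enf(3)[0])
```

For the 3-out-of-7 case over GF(8) every choice of three operative channels restores the plaintext, and the top row of ENF comes out as the all-ones vector.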

The  GF(256)  cold  precomputation,  even  without  the  shortcuts 
employed  in  Appendix  H,  takes  far  fewer  than  a  billion  machine  cycles, 
i.e.  a  few  minutes  of  mainframe  time.  To  store  its  output  requires 
254*256 = 65,024 bytes of ROM. The GF(4,096) and GF(65,536) cold
precomputations  take  longer. 

Since  finding  a  kernel  basis  and  triangularizing  its  matrix  takes  a 
small  constant  times  the  cube  of  the  dimension  of  the  vector  space, 
finding a 4094 by 4096 ENF matrix for GF(4,096) = GF(2^12) could
take as many as 10^13 single precision integer operations and single word
logical operations on an IBM 370. This could take months. To store the
output you would need more than 200 megabits of ROM.

To find a 65,534 by 65,536 ENF matrix over GF(65,536) = GF(2^16)
is a bigger task. Here we are talking about a fair sized multiple of
2^48 operations, say 10^17 to be on the safe side. Of course, this
assumes  no  parallelism  in  the  computer.  But  parallelism  and  vector 
structure  are  keynotes  of  the  computation.  However  it  looks  like  months 
of  calculation  on  better  adapted  machines  such  as  a  CRAY  1  or  the  new 
MPP  being  put  up  at  NASA,  both  of  them  well-suited  to  the  sort  of  linear 
algebra  computations  required.  It  also  means  scrapping  the  PASCAL 
program  in  Appendix  A  and  writing  code  which  exploits  the  peculiarities 
of  the  machine  it  runs  on.  Also,  storing  its  output  is  nontrivial. 

This  output  consists  of  65,534  *  65,536  =  4,294,836,224  16-bit  words. 
This means almost 9 gigabytes of ROM in the devices which implement such
p/s/r  processes. 

What  about  larger  fields?  It  seems  doubtful  that  they  can  be 
exploited  economically  in  the  1980s,  or  that  they  would  be  used  even  if 
computations  were  cheap.  Some  objections  are: 

i.  65,537  channels  is  a  lot  of  channels.  Is  there  a  plausible 
application  of  k  out  of  n  p/s/r  processes  in  a  situation 
where n > 2^16 = 65,536?

ii. Fields larger than GF(2^16) cannot be handled on a 16 bit
microprocessor without adopting unnatural expedients which slow
things down.

iii. Stage 1, the cold precomputation stage in which ENF is formed,
gets expensive and time consuming in GF(2^b) for b > 16.
For example production of an ENF for GF(2^20) looks like a
multiple of 2^60 operations on a Von Neumann machine, say
10^20 operations.

iv.  Storing  the  ENF  in  fields  bigger  than  GF(65,536)  requires 
more  than  9  gigabytes  of  ROM. 


Summarizing the first stage, the manufacturer's cold precomputation
stage, we see that the 2^b - 2 by 2^b encode normal form matrix ENF
has the following properties (pessimistic estimates):

Galois field              time to produce ENF     space to store ENF

GF(16) = GF(2^4)          PC minutes              1 k bits
GF(256) = GF(2^8)         mainframe minutes       600 k bits
GF(4,096) = GF(2^12)      mainframe months        300 m bits
GF(65,536) = GF(2^16)     supercomputer years     70 g bits


2.4 The second stage of computation in the mean cases of the Bloom
p/s/r process, the sender's cool precomputation.

Recall that we have, once for all, chosen

GF(2^b) = GF(Q)

Thus the sender S must take k b-bit words at time t and encode
this information into n b-bit words for transmission. Moreover

2 ≤ k ≤ n-2 ≤ n ≤ 2^b = Q

The ENF matrix is available to both sender and receiver. It contains
information about VAN or, more specifically, about
LEF[2], LEF[3], ..., LEF[Q-1]. The first row of ENF expresses the Qth
row of LEF[Q-1] (and therefore of LEF[Q-2], ..., LEF[2]) as a linear
combination of its first Q-1 rows. The second row of ENF expresses
the (Q-1)st row of LEF[Q-2] (and therefore of LEF[Q-3], ..., LEF[2])
as a linear combination of its first Q-2 rows. And so on, to the
bottom row (the (Q-2)nd row) of ENF. This row of ENF expresses the
third row of LEF[2] in terms of the first two rows of LEF[2].

Once k and n are agreed upon, the sender S and receiver R
fix their attention on LEF[k]. They can ignore its bottom Q - n
rows. Thus they are looking at the upper left n by k submatrix
UPLEF[n,k] of VAN. Clearly, the dependences they both need to know
among the rows of LEF[k] (or, equivalently, of UPLEF[n,k]) are all
contained (implicitly at least) in rows Q - n + 1, Q - n + 2, ...,
Q - k of ENF.

For example a 3-out-of-7 p/s/r over GF(8) is based on knowing
the dependences among the first seven rows of


and these are all expressed in rows

Let MID[Q-n+1, Q-k] be the n - k by Q submatrix of ENF consisting
of rows Q-n+1, Q-n+2, ..., Q-k of ENF. We now have the only matrix of
interest to the sender S and the receiver R during this
communication session using this k-out-of-n p/s/r. The last Q - n
columns of MID[Q-n+1, Q-k] are, of course, zero. So they can, and
will, be ignored in implementations. But a theoretical discussion
proceeds more smoothly if we speak of all of MID[Q-n+1, Q-k]. The
sender S sends channels 1, 2, ..., k in the clear (i.e. uncoded).
But he needs to know how to encode channels k+1, k+2, ..., n. To do
this the sender S can use elementary row operations to go from the
already "triangularized" MID[Q-n+1, Q-k] to a "diagonalized" form SEN
in which column k+1 has all zeros except for a 1 in the bottom row.
Column k+2 has all zeros except for a 1 in the row above the bottom
row, and column n has all zeros except for a 1 in the top row. This
is a trivial variant of the process of reducing to Hermite normal form.
Once he has produced the matrix SEN = SEN[k,n,Q], the sender S has
finished his cool precomputation and he can start to encode and send.

His encode amounts to

H(j) = Σ SEN(j,g) I(g) = Σ SEN[k,n,Q](j,g) I(g)

for each j ∈ {k+1, k+2, ..., n}, where the sum is over positive
integers g ≤ k.

The cool precomputation is linear algebraic, like the cold
precomputation, but it is shorter. For a k-out-of-n p/s/r process it
involves bringing an already triangularized matrix with n-k rows to
a diagonalized form. This involves about (n-k)(n-k+1)/2 row
operations. Therefore, approximately n(n-k)(n-k+1) arithmetical
operations are involved, i.e. subtractions/additions (XORs) and Galois
field multiplication. It is only necessary to find n-k Galois field
reciprocals if you do things carefully. This is helpful, since Galois
field divisions require the Euclidean algorithm and are much slower than
Galois field multiplications (unless we merely store arithmetical
tables, an attractive expedient if Q ≤ 256).

Consider a device built with Q synchronized parallel processors
and a stored multiplication table they can all draw the same product
from simultaneously. On such a device it would take about c(n-k)^2
machine cycles for the computation, where c is around 10. Thus for
GF(16) = GF(Q) (i.e. 2 ≤ k ≤ n-2 ≤ n ≤ 16) we need 16 4-bit
processors, a 16 by 16 table of 4-bit words (1 k bit ROM) and around
10 * 14^2 = 1960 machine cycles for parallel implementation on 16
processors. It would take about 50,000 cycles for implementation by one
processor. This means a delay of several milliseconds before the sender
S can send. For GF(256) we need 256 8-bit processors, a 256 by 256
table of 8-bit words (512 k bit ROM) and a delay of the order 10 *
254^2 = 645,160 machine cycles (i.e. about a second) before sending
could start. With only one processor this delay could rise to 256 *
645,160 which is approximately 200 million machine cycles. So it could
take many seconds before transmission began. Of course the sender could
send plaintext over the first k channels while waiting for the coding
process for the last n-k channels to be found.

If  some  important  (k,n)  pairs  were  incorporated  into  firmware 
the  sender's  cool  precomputation  could  be  made  part  of  the 
manufacturer's  cold  precomputation. 

Turning to GF(65,536) a parallel implementation would need 65,536
16-bit processors, and 16 * 65,536^2 bits of ROM (i.e. 70 gigabits).
The delay before sending could be as much as 40 billion machine cycles,
an hour or so. Using just one 16-bit processor and doing the
multiplications on the fly to dispense with the need for ROM could raise
the delay before sending to years.

So,  yet  again,  we  see  indications  that  65,000  channels  is  a  lot  of 
channels  to  spread  your  messages  among.  But  256  channels  once  again 
looks  very  promising. 


Let us summarize the second stage, the sender's cool precomputation
stage. He extracts (from ENF) and row reduces (to a sort of Hermite
normal form) the matrix MID[Q-n+1, Q-k] to produce an n - k by n
matrix SEN[k,n,Q]. This matrix describes how to form the encoded words
sent along channels k+1, k+2, ..., n at time t in terms of the
"plaintext" words sent along channels 1, 2, ..., k at time t.

The work and memory required have upper bounds (since n ≤ Q).
These upper bounds are shown in the table below:

Galois field            Time to precompute   Number and size     Storage
                        by parallel          of processors       required for
                        implementation       for parallel        SEN(k,n,Q)
                                             implementation

GF(2^4) = GF(16)        milliseconds         16 4-bit
GF(2^8) = GF(256)       seconds              256 8-bit           600 k bit
GF(2^12) = GF(4,096)    minutes              4,096 16-bit        300 m bit
GF(2^16) = GF(65,536)   hours                65,536 16-bit       70 g bit

2.5  The  third  stage  of  computation  in  the  mean  cases  of  the  Bloom 
p/s/r  process,  the  hot  precomputation. 

The  receiver  R  is  moving  right  along,  receiving  all  k  plaintext 
channels  from  the  sender  S  for  a  while,  and  then  some  channels  fail. 
Using  means  which  lie  outside  the  scope  of  this  Phase  I  SBIR  effort,  the 
receiver  finds  at  least  k  channels  which  are  still  operative  among  the 
n  channels  the  sender  is  using.  He  makes  a  choice  of  exactly  k  of 
these  operative  channels  any  way  he  chooses,  perhaps  by  picking  the 
first  k  of  them  but  almost  certainly  in  a  predesigned  automated 
manner.  Such  a  choice  amounts  to  an  injection 

w: {1, 2, ..., k} → {1, 2, ..., n}.

Like the sender S, the receiver R has already singled out the matrix
MID[Q-n+1, Q-k]. In practice he has trimmed off all the zero columns on
its right side.

On  the  face  of  things  the  receiver  would  have  to  use  the 
information  contained  on  the  injection  w  to  set  up  a  way  of  using 
elementary row operations to do a reduction of MID[Q-n+1, Q-k] to a
variant of Hermite normal form before real-time on-line decode could
proceed.

This would appear to take as many as a small multiple of n^3
operations in the small k case (since the relevant matrix is
n-k by n). But there are artifices to reduce the computation time
uniformly to yield a bound which is more like a small multiple of

P(n,k) = n * (n-k) * min{k, n-k}

operations. Clearly P(n,k) ≤ (n^3)/4 ≤ (Q^3)/4, (the worst case being
k = n/2).

Moreover P(n,k) is rather small (is less than kn^2) if k is
small, and is smaller still, (is less than n(n-k)^2) if n-k is small
(i.e. if k is large).

The  routines  which  achieve  this  improvement  over  straightforward 
linear  algebraic  row  reductions  are  based  on  a  trivial  lemma,  which  is 
nevertheless  worth  stating. 


Lemma: Let

DATA = {1, 2, ..., n-k} ∩ RANGE(w)

DESIDERATA = {1, 2, ..., k} \ RANGE(w)

DELENDA = {n-k+1, n-k+2, ..., n} \ RANGE(w).

Then the sets DATA and DELENDA contain the same number of members.
Moreover the set DATA is disjoint from both DESIDERATA and DELENDA.

Proof: Let A be the number of members of RANGE(w) which are no
larger than n-k. In other words the set DATA contains A members. It
follows that there are k - A members of RANGE(w) which exceed
n-k. Hence the number of members of

{n-k+1, n-k+2, ..., n} \ RANGE(w)

is equal to

[n - (n-k)] - [k - A] = A.

Obviously DATA ⊆ RANGE(w). On the other hand DESIDERATA ∪ DELENDA
contains no member of RANGE(w). This ends the proof.

A  computer  program  incorporating  the  hot  precomputation  is 
contained  in  Appendix  I.  The  idea  behind  Stage  3,  the  receiver's  cool 
precomputation  in  this  program  is  to  exploit  the  Lemma.  It  enables  the 
receiver  to  avoid  carrying  out  a  complete  row  reduction  of 
MID[Q-n+1, Q-k] to Hermite normal form. The DATA/DESIDERATA/DELENDA
breakup of the set of column indices {1, 2, ..., n} has a partial
reflection in the row indices of MID[Q-n+1, Q-k]. The result is that
many rows are irrelevant to the production of the decode matrix COD_w
described here. Moreover it is often possible to use this breakup to
partition the rows of MID[Q-n+1, Q-k] into three sets, one of which
can be ignored, and the second of which can be used to act on the
third. A careful reading of the program will also explain the bound

P(n,k) = n * (n-k) * min(k, n-k)

on the number of operations, a much smaller bound than the bound n^3
which unimaginative use of standard linear algebraic techniques would
suggest.


2.6  The  fourth  stage  of  computation  in  the  mean  cases  of  the  Bloom 
p/s/r  processes,  the  real-time  on-line  encode  or  decode 

After  finishing  the  third  computational  stage,  the  receiver's  hot 
precomputation,  the  receiver  R  is  ready  to  decode.  He  has  a  matrix 
REC  whose  rows  are  indexed  by  the  set  DESIDERATA,  and  which  has  n 
columns.  Thus  REC  is  no  larger  than  a  k  by  n  matrix.  Let 
j ∈ DESIDERATA. Then REC(j,j) = 1. Moreover REC(j,k) = 0 for every
k ∈ DELENDA. (Recall that + coincides with - in our Galois field
GF(2^b) = GF(Q).) It should be evident that the receiver can reclaim
the word I(j) which has been sent along channel j at time t from
the words H(w(g)) (where 1 ≤ g ≤ k) according to the formula

I(j) = Σ REC(j,w(g)) H(w(g))

for every positive integer j belonging to the set DESIDERATA. The sum
above is over positive integer g ≤ k.

Similarly the sender has used his cool precalculation to produce a
matrix SEN such that

H(j) = Σ SEN(j,g) I(g)

for every integer j ∈ {k+1, k+2, ..., n}. The sum is over positive
integer g ≤ k.

The  problem  of  the  sender  in  encoding,  and  of  the  receiver  in 
decoding,  is  to  calculate  quickly.  This  will  be  done  as  shown  in  Figure 
1.6.1  above.  So  what  remains  is  to  multiply  fast.  And  we  can  take 
advantage  of  the  fact  that  in  each  of  the  top  boxes  in  Figure  1.6.1  the 
multiplier  remains  fixed,  though  the  multiplicands  change  with  time.  To 
carry  out  a  multiply  as  fast  as  bits  can  be  fed  in  is  the  goal.  This 
can  be  done  with  systolic  multipliers  as  shown  in  Appendix  F. 


To  carry  out  a  single  GF(16)  multiplication  at  maximum  speed 
requires  about  300  cells.  To  carry  out  16  multiplications 
simultaneously  requires  about  4100  cells.  The  cells  themselves 
consist  of  fewer  than  10  active  elements.  So  a  very  pessimistic 
estimate of the hardware required to carry out a GF(16) based p/s/r
process  is  100,000  active  elements.  This  might  require  one  or  two 
programmable  logic  arrays. 

The  implementation  of  a  GF(256)  based  p/s/r  process  would  be 
larger.  But,  taking  account  of  the  fact  that  constant  multipliers 
eliminate  the  need  for  flipflops  in  the  basic  cells  in  the 
implementation,  we  find  that  even  GF(256)  based  p/s/r  processes  can  be 
implemented  using  at  most  256  PLAs.  The  chips  for  a  p/s/r  process 
involving  at  most  16  channels  will  cost  less  than  $100  today.  For  a 
p/s/r  process  involving  at  most  256  channels  the  price  would  almost 
certainly  be  below  $1000. 

No  pricing  has  been  attempted,  since  no  working  prototypes  exist. 

It  seems  likely  that  these  cost  estimates  could  be  reduced  substantially 
in  a  production  mode.  Other  costs,  such  as  boxes,  wiring,  etc.  are  easy 
to  estimate. 

There  is  an  alternative  approach  which  appears  both  faster  and 
cheaper.  The  idea  is  to  substitute  memory  for  computations  by  storing 
tables  of  products  and  lists  of  reciprocals,  perhaps  even  tables  of 
quotients. 

This  is  particularly  attractive  in  the  real-time  on-line  encode  or 
decode  since  a  single  decoded  channel  (i.e.  a  single  processor)  keeps 
using  the  same  multiplier.  So  each  microprocessor  can  ask  a  common 
stored  Q  by  Q  multiplication  table  for  a  copy  of  the  appropriate 
Q  by  1  column  corresponding  to  this  multiply.  Multiply  thus  becomes  a 
memory  fetch  and  the  memory  might  even  be  resident  on  the  microprocessor 
chip. A GF(16) based p/s/r process would need only 4*16 = 64 bits of
memory for each microprocessor. A GF(256) based p/s/r process would
require 8*256 = 2048 bits per microprocessor.


This  sort  of  memory  capacity  goes  for  pennies.  Of  course,  when 
there  are  n  =  65,536  channels  the  picture  changes.  For  each  channel 
you  need  16  *  65,536  =  400  k  bits  of  memory. 

It  is  again  worth  stating  explicitly  that  the  decoding  process  and 
the  encoding  process  are  merely  two  variations  on  a  theme.  After  cool 
precomputation  the  sender  forms 

H(j) = Σ SEN(j,g) I(g)

(where the sum is over positive integers g ≤ k) to encode channel j
for each j ∈ {k+1, k+2, ..., k+n}.

After hot precomputation the receiver forms

I(j) = Σ REC(j, w(g)) H(w(g))

(where the sum is over positive integer g ≤ k) to decode channel j
for each j ∈ DESIDERATA. So it suffices to describe the real-time
on-line  decode.  The  real-time  on-line  encode  is  more  straightforward. 

The  abstract  design  shown  in  Figure  1.6.1  is  the  scheme  which 
should  be  used.  Once  again  we  recall  the  need  to  maintain 
synchronization  of  channels  in  encode  and  decode.  As  in  Section  1.4.1, 
it  is  easy  to  do. 

2.7  Examples  of  Computations. 

The  programs  contained  in  Appendices  H  and  I  have  been  used  on 
examples,  which  are  included.  Appendix  D  gives  tables  of  ENF  for 
various  fields  GF(Q)  produced  by  the  cold  precomputation  program  in 
Appendix  H.  Appendix  E  contains  examples  of  the  encoding  and  decoding 
processes  as  carried  out  in  Stages  2,  3  and  4  by  the  programs  in 
Appendices  H  and  I. 


3.  Summary  of  tasks,  work,  discoveries,  recommendations  and 
alternatives. 

The  contract  between  AFOSR  and  YLYK  Ltd.  to  perform  the  work 
reported  on  here  describes  two  tasks. 

Task 1: Implement the heuristic procedure described in Section 6 of the
proposal  by  means  of  computer  programs,  in  order  to  produce  explicitly 
the  hyperfast  pool/split/restitute  encode  and  decode  algorithms  of  the 
Bloom  technique.  Analyze  the  results,  putting  the  matrices  in  the  most 
convenient  form,  using  further  computer  programs  if  needed.  Determine 
the  explicit  solutions  of  the  cases  of  most  practical  importance. 

Task 2: Develop a set of design principles for the implementation in
hardware  of  such  p/s/r  processes  by  means  of  an  existing  16-bit 
microprocessor. 

Mathematically,  hyperfast  Bloom  k-out-of-n  p/s/r  processes  break 
up  into  cases  and  into  stages.  There  are  four  "extreme"  cases.  The 
case k = 0 is silly. The cases k = 1 (send the same message on all
channels) and k = n (hope that all sent messages get to the receiver)
are trivial within the present state of technology. The case k = n-1
is trivial from a mathematical and an engineering viewpoint. But it
seems  important  and  may  not  be  currently  in  use.  Its  implementation 
should  be  separate  from  the  remaining  "mean"  cases.  This  implementation 
involves  2n  -  3  bitwise  XOR  gates  in  the  format  shown  in  Figures 
1.4.1  and  1.4.2.  No  precomputations  are  required.  For  Q  =  4000 
channels  and  k  =  n-1  Q  this  involves  fewer  than  8000  gates  and  a 
phase  lag  (as  described  above)  of  some  12  bits. 

All  other  cases,  i.e. 

2 ≤ k ≤ n-2 ≤ n ≤ Q,

are  called  "mean"  cases  in  contrast  to  "extreme"  cases.  In  view  of  the 
facts  turned  up  in  the  narrative  above  we  make 

Recommendation 1: Concentrate first on hyperfast Bloom p/s/r
processes over GF(2), GF(16) and GF(256). Over GF(2) you can
implement an (n-1)-out-of-n p/s/r process for any reasonable size
n. It will act on 1-bit words. Over GF(16) you can implement a
k-out-of-n p/s/r process whenever

2 ≤ k ≤ n-2 ≤ n ≤ 16.

It will act on 4-bit words. Over GF(256) you can implement a
k-out-of-n process whenever

2 ≤ k ≤ n-2 ≤ n ≤ 256.

It  will  act  on  8-bit  words.  These  three  implementations  will  be 
general  purpose  (i.e.  the  boxes  will  allow  the  user  to  vary  k  and 
n). 

Recommendation  2:  Somebody  who  intends  to  use  more  than  256 
channels  should  consider  dedicated  (i.e.  k  and  n  fixed  in 
firmware or hardware) boxes and should try strenuously to keep the
number  of  channels  small.  4000  channels  seems  to  be  at  or  above 
the  technically  feasible  upper  bound. 


For  the  mean  cases 


2 ≤ k ≤ n-2 ≤ n ≤ 2^b


of  a  Bloom  p/s/r  process  there  are  four  stages  of  computation.  The 
first  two  are  noncritical  straightforward  linear  algebraic  reductions 
and  we  will  not  consider  them  further  here,  except  to  make 


Recommendation  3:  If  a  particular  parameter  setting  (k,n)  will 
be  widely  used  (e.g.  all  F16s  will  always  communicate  with  base  by 
means  of  a  77-out-of-92  p/s/r  process)  then  the  second  stage  of 
precomputation,  the  sender's  cool  precomputation,  can  be  dispensed 
with  (more  exactly,  can  be  incorporated  into  the  cold 
precomputation  performed  before  the  boxes  are  manufactured)  in 
boxes  dedicated  to  77-out-of-92.  The  third  stage  of  computation, 
the  receiver's  hot  precomputation  can  be  performed  expeditiously. 


A  dedicated  box  can  also  free  a  participant  in  a  battle  from 
unnecessary  attention  to  details.  It  will  usually  be  cheaper  than 
a  general  purpose  box. 

Recommendation 4: Maintain synchronization of parallel channels in
encode  and  in  decode.  Do  this  by  "doing  something"  trivial  to  the 
plaintext  channels  so  that  they  acquire  the  phase  lag  associated 
with  the  channels  which  are  encoded  (or  decoded)  nontrivially.  We 
have  already  discussed  the  obvious,  and  inexpensive,  expedients 
which  suffice  to  maintain  such  synchronization. 

Recommendation  5:  If  it  is  desirable  to  combine  p/s/r  processes 
with  cryptography  or  conventional  error  control  then  the  following 
architecture  should  be  employed.  Encryption  should  precede  p/s/r 
encoding  which  should,  in  turn,  precede  conventional  error  control 
encoding  on  the  sender's  end.  By  the  same  token  conventional  error 
control decoding should precede p/s/r process decoding which
should, in turn, precede decryption.

If  it  were  built  today  a  memory  intensive  ultraparallel  prototype 
of a general purpose k-out-of-n send/receive box for 2 ≤ k ≤ n-2 ≤ 254
would be configured as follows. It would have about 1 mbit
of  ROM,  broken  up  into  512  kbits  to  store  a  GF(256)  multiplication 
table,  510  kbits  to  store  ENF  and  2  kbits  to  store  a  list  of 
reciprocals  of  the  nonzero  elements  of  GF(256).  For  these  purposes 
four 256 kbit (= 2^18 bit) ROM chips will suffice. The box would
employ  256  8-bit  processors,  perhaps  Z80s,  to  do  the  cool 
precomputations  (when  switched  on  send  mode)  as  well  as  the  hot 
precomputation  (when  switched  on  receive  mode).  There  would  be  no 
logical  harm,  and  only  a  small  time  penalty  if  n  is  over  200,  in 
having  the  precomputations  done  as  if  n  =  256,  the  maximum  number  of 
channels.  Cool  and  hot  precomputations  would  take  about  a  second. 

The real-time on-line decode would be done by 65,536 = 256^2
dedicated "dumb" processors. The processors will be arranged in 256
clusters of 256 processors. There might be as many as 256 dumb
processors on one PLA chip. During a given session (i.e. for given k
and n in send mode, and for given k, n and w in receive mode)
each processor would use a 2048 bit RAM which stored an appropriate
column  of  the  GF(256)  multiplication  table  in  ROM.  This  RAM  will  have 
been  filled  by  the  Z80s  during  precomputation.  The  8-bit  word  arriving 
on  channel  i  will  be  split  into  two  copies  eight  times  so  that  a  copy 
of  each  arriving  word  goes  into  each  cluster  of  256  processors  on  its 
ith  channel.  When  a  word  arrives  at  a  dumb  processor  the  processor 
multiplies  that  word  by  its  session  constant,  (i.e.  treats  the  word  as 
an  address  and  outputs  the  contents  of  that  address).  After  that  the 
outputs  from  each  cluster  are  XORed  together  through  8  layers  as  in  a 
deeper  version  of  Figure  1.6.1.  This  yields  decodes  or  encodes  for  each 
channel.  This  requires  128  mbits  of  RAM  and  65,000  (extremely)  dumb 
units  capable  only  of  outputting  the  contents  of  an  address.  This 
configuration  would  require  512  RAM  chips  with  256  kbit  capacity  each. 

We  have  noted  that  one  mbit  of  ROM  will  also  be  needed,  as  well  as  256 
Z80s. The dumb processors can be parts of a PLA. Presumably some 256
PLA chips would be capable of holding the needed 65,536 processors.

The  system  would  require  shift  register  storage  devices  (perhaps 
1000  cells  per  register)  and  would  have  to  verify  synchronization  of 
inputs  and  impose  synchronization  of  outputs.  This  would  require  some 
sort  of  synchronization  pulses  in  the  bit  streams  entering  and  leaving 
the  box.  A  promising  method  is  to  use  two  voltage  levels  for  bits  and  a 
third  for  synch  pulses,  as  is  standard  in  television  transmission  in  the 
U.  S. 

These  estimates  are  all  on  the  highly  pessimistic  side,  since 
detailed  hardware  design  has  not  yet  been  undertaken. 

A smaller device in which 2 ≤ k ≤ n-2 ≤ 14 would require sixteen
4-bit microprocessors, less than 3 kbits of ROM, 256 dumb processors and
16  kbits  of  RAM.  Phase  lag  would  be  about  10  bits. 

The  splitting  scheme  in  Figure  3.1.1  looks  forbidding  in  two 
dimensions.  But  in  three  dimensions  it  is  very  simple,  no  matter  how 
many  channels  there  are.  Figure  3.1.2  is  a  different  rendering  of  the 
same  process.  It  suggests  regularity  of  the  architecture  more  directly. 


There  are  a  number  of  choices  facing  somebody  who  designs  hardware 
implementations  of  p/s/r  processes. 

YLYK  Ltd.  has  found  a  very  large  number  of  ways  to  decode.  We 
finally  fixed  on  the  DATA/DESIDERATA/DELENDA  approach  to  minimize  the 
number  of  row  operations  at  the  receiver's  hot  precomputation  stage. 

But  other  more  pedestrian  approaches  sometimes  use  less  computer  code. 
In  subsequent  efforts,  these  alternative  approaches  should  be  borne  in 
mind.  Which  one  is  used  depends  on  what  aspect  of  the  decoding  process 
is  most  important.  Our  approach  was  to  minimize  the  time  interval 
between  discovery  of  what  channels  were  inoperative,  and  beginning  of 
real-time  on-line  decode. 


There  is  one  alternative  which  should  be  resolved  as  late  as 
possible  in  an  SBIR  Phase  II  effort  to  produce  a  prototype.  The  reason 
for  delaying  a  decision  is  the  continual  shift  in  relative  costs  and 
speeds  of  hardware  in  the  marketplace.  The  alternative  in  question  is 
whether  to  use  computation  or  memory  to  do  Galois  field  multiplies  and 
divides. On the one hand there are systolic multipliers. On the
other,  a  table  of  GF(16)  products  requires  only  16*16*4  =  1024  bits 
of  memory.  The  table  below  tells  the  story  for  various  fields. 


Field        Number of bits to store   Number of bits to store   Number of bits to store
             table of products         table of quotients        list of reciprocals

GF(16)       16*16*4 = 1024            16*15*4 = 960             15*4 = 60
GF(256)      256*256*8 = 512k          256*255*8 = 510k          255*8 = 2k
GF(4,096)    202 m                     202 m                     50 k
GF(65,536)   69 g                      69 g                      1.1 m

Memory  is  cheap.  The  problem  is  speed.  If  words  can  be  accessed 
quickly  enough,  the  use  of  lookup  for  multiplication  and  division  is 
attractive.  XOR  of  words  will,  of  course,  be  used  for  addition  and 
subtraction. 

Consider a GF(16) based p/s/r process. If each of 16 4-bit
microprocessors  has  64  bits  of  memory  "on-chip"  the  receiver's  hot 
precompute  can  load  the  appropriate  column  of  the  multiplication  table 
into  these  64  locations  on  each  microprocessor.  This  will  reduce 
multiplication  to  a  lookup  of  a  4-bit  word  on  a  list  of  16  words.  A 
GF(256)  based  p/s/r  process  would  need  2048  bits  of  memory  "on-chip" 
available  to  each  of  the  256  processors  used  in  real-time  on-line 
decode.  Multiply  would  be  lookup  of  an  8-bit  word  on  a  list  of  256 
words  after  the  appropriate  column  of  the  multiplication  table  had  been 
loaded  into  a  given  processor.  What  we  have  said  about  real-time 
on-line  decode  applies  also  to  real-time  on-line  encode,  of  course. 

The  relative  merits  of  this  approach,  as  opposed  to  a  systolic 
system  for  computing  products  algorithmically,  could  change  drastically 
as  new  products  came  onto  the  market  or  the  prices  of  old  products  fell. 
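
The memory alternative described above, as an added example (it is not one of the programs in Appendices H and I): multiplication by a session constant becomes a lookup in a preloaded column, and the real-time step is lookups plus XOR. The field polynomial x^4 + x + 1, the Vandermonde encode matrix on the points 0..n-1 and all function names are assumptions; the report's own ENF matrices are not reproduced here.

```python
from functools import reduce

M = 4              # word width in bits, so the field is GF(16)
Q = 1 << M
POLY = 0b10011     # x^4 + x + 1 (assumed; the report's polynomial is not given here)

def gf_mul(a, b):
    """Shift-and-XOR product: the 'computation' alternative."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & Q:
            a ^= POLY
        b >>= 1
    return r

def gf_inv(a):
    """Reciprocal by search; a box would read it from the ROM list of reciprocals."""
    return next(x for x in range(1, Q) if gf_mul(a, x) == 1)

def table_bits(m):
    """Bits for the product table, quotient table and reciprocal list of GF(2^m)."""
    q = 1 << m
    return q * q * m, q * (q - 1) * m, (q - 1) * m

def column(c):
    """The Q-word column one 'dumb' processor holds for its session constant c."""
    return [gf_mul(c, w) for w in range(Q)]

def encode_matrix(k, n):
    """n x k Vandermonde matrix on the points 0..n-1; any k rows are invertible."""
    if not 1 <= k <= n <= Q:
        raise ValueError("need 1 <= k <= n <= field size")
    rows = []
    for x in range(n):
        row, p = [], 1
        for _ in range(k):
            row.append(p)
            p = gf_mul(p, x)
        rows.append(row)
    return rows

def invert(mat):
    """Gauss-Jordan inverse over GF(2^M), standing in for the hot precomputation."""
    k = len(mat)
    a = [row[:] + [int(i == j) for j in range(k)] for i, row in enumerate(mat)]
    for col in range(k):
        piv = next(r for r in range(col, k) if a[r][col])
        a[col], a[piv] = a[piv], a[col]
        s = gf_inv(a[col][col])
        a[col] = [gf_mul(s, v) for v in a[col]]
        for r in range(k):
            if r != col and a[r][col]:
                f = a[r][col]
                a[r] = [v ^ gf_mul(f, u) for v, u in zip(a[r], a[col])]
    return [row[k:] for row in a]

def load_tables(mat):
    """Precomputation: replace each matrix entry by its lookup column."""
    return [[column(c) for c in row] for row in mat]

def apply_tables(tables, words):
    """Real-time step: every output word is an XOR of lookups, with no multiplies."""
    return [reduce(lambda x, y: x ^ y, (t[w] for t, w in zip(row, words)), 0)
            for row in tables]

def encode(message, n):
    """Spread k message words over n channels."""
    return apply_tables(load_tables(encode_matrix(len(message), n)), message)

def decode(received, k, n):
    """received maps channel number -> word for the operative channels."""
    if len(received) < k:
        raise ValueError("fewer than k channels operative")
    alive = sorted(received)[:k]
    full = encode_matrix(k, n)
    tables = load_tables(invert([full[i] for i in alive]))
    return apply_tables(tables, [received[i] for i in alive])

if __name__ == "__main__":
    msg = [0x3, 0xA, 0x7]                          # constructed 3-word message
    sent = encode(msg, 5)                          # 3-out-of-5 over GF(16)
    survivors = {i: sent[i] for i in (1, 2, 4)}    # channels 0 and 3 are down
    print(table_bits(4), table_bits(8))
    print(sent, decode(survivors, 3, 5))
```

Unlike the scheme in the report, this stand-in encodes every channel nontrivially, so it has no plaintext channels.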

Another  unresolved  alternative  concerns  all  three  stages  of 
precomputation. Should we use many "smart" existing processors for the
precomputations  or  smarten  up  the  custom  designed  processors  used  for 
real-time  on-line  encode  or  decode  so  that  they  can  carry  out  the 
precomputations  as  well  as  the  encode/decode? 

Many  of  the  cheapest  old  4-bit  and  8-bit  processors  operate  below 
1 MHz, whereas newer more expensive PLA can be driven faster. It would
take  development  time  to  configure  smart  PLA  to  perform  precomputations, 
whereas  existing  processors  can  be  quickly  programmed.  It  seems  prudent 
to  delay  this  decision  as  long  as  possible,  with  a  view  to  the  state  of 
the  components  market  the  day  it  is  made.  Other  choices  seem  more 
straightforward.  It  hardly  seems  worthwhile  to  try  to  fine  tune  field 
size  so  as  to  get,  for  example,  a  17-out-of-34  p/s/r  process  over 
GF(32).  The  simplicity  of  assuming  that  n  is  no  larger  than  the  field 
size  is  worth  seeking.  Possible  exceptions  to  this  approach  can  be  made 
on  an  individual  basis,  and  will  likely  lead  to  a  dedicated  single 
purpose box, such as 3-out-of-6 p/s/r process over GF(4).

4. Future.

At  this  point,  what  remains  is  to  cast  the  p/s/r  processes  into 
hardware.  Three  obvious  general  purpose  (i.e.  variable  k  and  n) 
implementations  would  be: 

1. (n-1)-out-of-n, for n ≤ 1000 using GF(2) arithmetic on 1-bit
words and requiring no precomputation;

2. k-out-of-n, for 2 ≤ k ≤ n-2 ≤ 14 using GF(16) arithmetic on
4-bit words and requiring precomputations of a few milliseconds in
(cool) Stage 2 and (hot) Stage 3;

3. k-out-of-n for 2 ≤ k ≤ n-2 ≤ 254 using GF(256) arithmetic on
8-bit words and requiring precomputations lasting about a second in
Stage 2 and Stage 3.

It would be interesting to produce a few dedicated (i.e. fixed k
and n) implementations such as:

4.  3900-out-of-4000  using  GF(4,096)  arithmetic  on  12-bit  words  (in 
practice  they  would  probably  be  the  last  12  bits  of  16-bit  words) 
no  Stage  2  precomputation,  and  a  several  second  Stage  3 
precomputation. 

5.  100-out-of-4000  using  GF(4,096)  arithmetic,  no  Stage  2 
precomputation  and  a  several  second  Stage  3  precomputation. 

6. Some half-and-half implementation, i.e. a k-out-of-2k for the
largest value of k which would yield a tolerably short Stage 3
(hot) precomputation. Possibly a 500-out-of-1000 implementation
using GF(1,024) arithmetic on 10-bit words could hold the Stage 3
precomputation down to just a few seconds.

One  mathematical  topic  which  was  not  targeted  for  the  Phase  I  SBIR 
effort is dynamic reconfiguration. Suppose a sender and a receiver
start out using a 200-out-of-250 p/s/r process to communicate over 250
channels which are all operative at the start. Suppose that a new
channel goes down every few seconds. It is probably possible to do the
necessary reconfiguration precomputations one at a time after each
failure  so  as  to  keep  communications  going  with  negligible  interruptions 
as  the  receiver  migrates  from  one  set  of  200  channels  to  another 
"nearby"  set  of  200,  to  another,  and  so  on. 

Careful  analysis  might  be  able  to  reduce  the  Stage  3  hot 
precomputation  times,  given  that  only  one  channel  at  a  time  goes  down. 
The viewpoint of this proposal is that the receiver deals with n-k
channel  failures  at  once. 

An engineering/ergonomics consideration which will have to be
tackled  in  Phase  II,  or  shortly  after,  is  the  question  of  how  the 
receiver  will  ascertain  which  channels  have  gone  down.  Will  it  be  by 
human  decision  that  a  channel  carries  nothing  or  carries  garbage?  Or 
will  it  be  by  some  automated  means  of  sensing  when  a  channel  goes  sour 
statistically,  and  is  therefore  presumed  to  be  down?  Or  will  it  be  by 
sending periodic check sequences on each channel, the idea being that
their  absence  on  the  receiving  end  signifies  channel  failure?  Or  will 
still  some  other  system  be  used?  There  are  many  existing  protocols  and 
algorithms  to  sense  when  a  channel  is  or  is  not  operational.  If 
possible a p/s/r process box should be a module in a larger system.
This architecture would enable the user in the field to decide which
method of sensing inoperative channels is appropriate to the system in
use.

Such  considerations  may  or  may  not  influence  the  p/s/r  hardware 
directly, but will certainly be important in the context in which a
p/s/r process is imbedded. Matters of this sort will be taken up in
more detail in YLYK Ltd.'s SBIR Phase II Proposal to AFOSR. Up to now
speed  has  been  the  dominant  consideration.  In  Phase  II  cost  will  come 
more  to  the  fore. 

Military communications systems are subject to trauma. Certain channels fail for
protracted  periods  of  time.  The  red  noise  problem  arises  when  some,  but  not  all,  of  the 
channels  linking  a  sender  to  a  receiver  become  inoperative.  The  solutions  to  this  problem 
are  called  pool/split/restitute  processes.  P/s/r  processes  amount  to  ways  to  encode 
digital  messages  at  a  sending  node  so  as  to  make  sure  that  all  transmitted  information  gets 
through  and  is  decoded  correctly  at  the  receiving  node  whenever  at  least  k  out  of  the  n 
channels  linking  those  two  nodes  remain  operative.  P/s/r  processes  are  designed  to  work 
even  though  the  sending  node  has  no  way  to  tell  which  of  the  channels  it  is  using  are 
inoperative.

It  has  been  known  for  at  least  two  years  that  the  encode  and  the  decode  operations 
in a p/s/r process are faster and simpler than those in any but the weakest and most
trivial error correcting codes. Moreover the bandwidth expansion is typically smaller in a
p/s/r process than in an error correcting code adapted to do the same job. This project is
aimed at producing a further orders-of-magnitude improvement in the theory of p/s/r
processes. This carries over into a comparable improvement in implementing them.

Anticipated Benefits/Potential Commercial Applications of the Research or Development

The  availability  of  best-possible  p/s/r  processes  to  solve  the  red  noise  problem  will 
make  it  cheap  and  easy  to  design  fault-tolerant  or  fail-safe  communications  systems  at  all 
levels  of  complexity,  from  the  microscopic  to  the  global.  The  ability  to  overcome  the 
unpredictable  permanent  failure  of  a  certain  specified  proportion  of  the  channels  of 
communication in a system may have major consequences in chip layout, design of wiring
within military platforms, commercial vehicles, telecommunications networks, and global C3I
structures. The speed and simplicity of the implementation of p/s/r processes gives
promise  of  widespread  cheap  channel-failure  insurance  in  gigabit  per  second  communications. 

Identification and significance of the problem/opportunity.

This proposal deals with research and development work on the red noise problem
[AS82].* It is one facet of the message gap [I1R81; AN83]. It is associated with the
difficulty  experienced  by  two  or  more  centers  in  communication  with  one  another  when  a 
catastrophic  long-lasting  failure  of  some  of  the  communication  channels  linking  them 
occurs. 

More  specifically,  the  red  noise  problem  concerns  a  sending  node  and  a  receiving 
node  linked  by  several  parallel  channels  over  which  information  is  moving  in  digital 
form.  The  problem  is  this.  Suppose  you  are  prepared  to  accept  the  failure  of  n-k 
out  of  the  n  channels  which  are  initially  functioning.  How  do  you  encode  the 
information  at  the  sending  node  so  that  all  of  it  gets  through  as  long  as  any  k 
channels  remain  operative?  How  do  you  decode  this  information  at  the  receiving  node? 
Ways  of  doing  this  are  called  pool/split/restitute  processes. 

Examples of systems faced with the red noise problem are numerous. A few of them
are:

I. Within a single vehicle or platform -- such as a missile, an aircraft, a
ship, a tank or a spacecraft -- there might be eight separate wires or fibers
carrying  information  from  an  area  containing  power  supplies,  engines,  control 
devices  and  weapons  to  an  area  containing  human  or  electronic  controllers. 

It  is  imperative  that  the  controllers  continue  to  receive  all  of  the  highest 
priority  types  of  information  even  though  three  wires  (nobody  knows  in 
advance  which  three)  or  fibers  are  cut  by  accident  or  trauma.  This 
guaranteed 5 out of 8 reliability may have to be cheap in the sense that it
must  be  provided  by  tiny  inexpensive  circuitry; 

II. At the global level or the theater level, consider communications between
commanders  and  subordinates,  or  between  separate  command  centers  (whether 
these  are  vehicles  or  cities  or  redoubts  or  satellites  is  irrelevant 
mathematically)  connected  by  ten  communications  channels.  Several  of  these 
channels  might  be  optical  fibers,  several  might  be  microwave  relay  tower 
chains,  and  a  few  might  be  satellite  relay  links.  In  the  event  of  emergency 
it  might  be  imperative  for  all  high  level  communications  to  get  through, 
continuously  after  six  of  these  ten  channels  fail,  even  when  the  sender  does 
not know which four of his outgoing channels are successfully carrying their
information to the intended receiver. It might be imperative to provide this
guaranteed 4 out of 10 reliability to communications systems working at very
high  bit  rates; 

III.  On  the  microscopic  scale,  VLSI  and  VHSIC  are  forcing  more  active  elements  and 
more pathways onto a chip. It is increasingly important to assure the safe
arrival of every bit at the proper place in timely fashion even though
certain circuit elements fail. This must be done in an extremely simple way
so as not to gobble up too much of the chip just for this assurance of
reliability. Perhaps it would be desirable to use an 8 out of 10 p/s/r
process to move a 16-bit word from memory along ten 2-bit channels so that
the whole word gets through despite the failure of any two of those ten
channels.

IV. The word "channel" should not be allowed to obscure the abstract
possibilities. Separate packets in a local area network can be treated as
separate channels since each packet can be 500, 1000, 2000 or some such large
number [ST83] of bits. The bits in a single packet get through all together
or not at all, according as the packet reaches its destination, or else is
destroyed in a collision or otherwise goes astray [BL83a, p. 3; P082, pp.
76-101]. If collisions and misroutings are present, but rare, a 61 out of 64
p/s/r process applied to successive batches of 63 packets from a given sender
to a single receiver might provide cheap insurance at a bandwidth expansion
of 1/64 = 1.5%.

*Footnote: All entries in square brackets refer to the bibliographic citations list
beginning on page 17.

Obviously,  comparable  examples  could  be  produced  in  many  other  contexts.  But 
abstractly they all point up the same need. It is important to find extremely simple
encode/decode schemes to provide cheap ways of assuring very high bit rate solutions
to the problem of getting all the important information from sender to receiver
whatever  channels  remain  —  in  the  absence  of  prior  (or  even  concurrent)  knowledge  of 
which  channels  are  the  lucky  survivors  —  as  long  as  there  are  enough  channels  still 
operative  to  come  up  to  the  initial  specifications. 

This  might  sound  reminiscent  of  the  use  of  error  correcting  codes  to  correct 
burst  errors,  and  in  a  way  it  is.  However,  during  the  two  years  since  the  red  noise 
problem  was  recognized  [AS82]  as  important  in  its  own  right,  tailor-made  solutions 
have been advanced which are much cheaper (algorithmically, but this entails a
comparable dollar saving in implementation) than, and much faster than, the use of
standard error correcting code techniques [BL83a, pp. 367-389; MC77, pp. 181-186,
212-213; BE68, pp. 393-394; VI79, pp. 227-300] to solve it.

A  moment's  reflection  shows  why  this  might  be  so.  Error  correcting  codes  are 
designed to deal with errors occurring anywhere in the transmitted data stream (as long
as  these  errors  are  not  too  numerous)  [VI79,  p.  34].  These  errors  can  be  very 
irregularly  spaced.  In  a  mathematical  sense  which  should  become  clearer  below,  red 
noise  errors  can  be  viewed  as  occurring  with  a  definite  periodicity  in  the  received 
bit  stream.  Such  a  well  behaved  type  of  error,  of  course,  constitutes  a  subproblem  of 
the  general  error  correction  problem.  So  it  seems  plausible  (and  turns  out  actually 
to  be  the  case)  that  the  solution  might  be  conceptually  simple,  as  well  as  easy  to 
implement in a cheap fast way. The recent literature [AS82] and some as yet
unpublished work, bears this out. But in 1983 a further remarkable simplification and
speedup of both the encoding and decoding processes used to solve the red noise
problem has been suggested by current research. Several important instances of this
further orders-of-magnitude improvement have been discovered and verified as the
result of a powerful heuristic principle. The research on this project will attempt
to turn this heuristic principle into a rigorous tool for producing this
orders-of-magnitude improvement of both the speed and the cost of the
encoding/decoding schemes for combatting red noise in many or all cases of the
problem. It aims to produce a complete taxonomy of best possible (or, more properly
speaking,  almost  best  possible)  solutions  of  the  red  noise  problem.  Time  permitting, 
it  will  make  a  preliminary  abstract  analysis  of  how  to  design  electronic 
implementation  of  these  coding/decoding  processes  using  cheap  off-the-shelf  components 
to  attain  bit  rates  well  above  a  megabit  per  second. 

4. Background, technical approach and anticipated benefits.

4a. Background. An understanding of the red noise problem and the objects which
solve it, namely pool/split/restitute processes, is best acquired by looking at the
history of the last five years. In a 1978 NSF proposal, Blakley invented a new
cryptographic object, the threshold scheme (he called it a key safeguarding scheme,
but Denning's well known cryptography and data security textbook [DE82] has made
threshold scheme the standard terminology). His paper describing the notion, and
giving the first example was presented at NCC '79 and published [BL79] in the
proceedings of that meeting.

A k out of n threshold scheme is a mathematical way of utilizing a source of
random bits to take an important piece of digital information, called a substance
(there  isn't  much  harm  in  thinking  of  a  substance  as  just  being  a  plaintext  message) 
and  produce  n  output  pieces  of  information  called  shadows  of  the  original 
substance.  A  shadow  can,  without  too  much  inaccuracy,  be  thought  of  as  being  part  of 
a  ciphertext  message.  Every  shadow  is  about  the  same  size  as  the  substance  and, 
collectively,  the  shadows  securely  carry  the  full  import  of  the  substance  in  the 
following  sense.  There  is,  on  the  one  hand,  a  trivial  algorithm  which  can  reproduce 
the substance if any k of the n shadows are inputted to it. But, on the other
hand, it is impossible to gain any inkling of the value of the substance on the basis
of  knowledge  of  only  k-1  or  fewer  of  the  shadows.  The  justification  of  this  latter 
statement  is  somewhat  technical.  Nevertheless  the  basic  idea  can  be  expressed  fairly 
briefly  in  terms  of  what  Konheim  [K081,  p.  31]  calls  the  Bayesian  opponent.  Just  as 
it is possible to prove [BL81a] the one-time pad [DI79 pp. 399-400, DE82 pp. 86-87]
perfectly  secure  in  the  Shannon  [SH49]  sense,  so  it  is  possible  to  prove  that  a  k 
out  of  n  threshold  scheme  is  (Shannon)  perfectly  secure  up  to  threshold  k.  This 
means  that  the  Bayesian  opponent  cannot  modify  a  (perhaps  shrewd)  initial  guess 
regarding the substance on the basis of knowledge of only k-1 shadows. Somewhat
more formally:

A posteriori probability that the substance has a value equal to S (given that
the objects h(1), h(2), ..., h(k-1) are known to be shadows of that substance)

=  A  priori  probability  that  the  substance  has  a  value  equal  to  S. 

To  be  more  concrete,  suppose  there  is  a  roll  of  magnetic  tape  (the  substance) 
which contains the full inventory of payloads, locations and targets of all missiles
belonging to A on day •>. Somebody might think this information important enough to
merit protection by a 4 out of 9 threshold scheme. This will involve use of a trivial
algorithm which takes this original roll of tape, together with 4 tape rolls worth of
random bits, and produces 9 rolls of mag tape (the 9 shadows of the original
substance) as outputs. Now an opponent of A, let us call it R, might quite
correctly suspect at the outset that several of these missiles are targeted on some
important spot, call it M. But if R can only obtain 3 of the (shadow) rolls of
mag tape it cannot shed any new light on this initial conjecture. It started out with
a good bet that its conjecture is correct. It winds up with exactly the same odds.

If R can get 4 of the 9 rolls, of course, the game is over. It has crossed the
threshold of information and can reconstruct the entire original roll of mag tape. So
it knows everything A does.

Shamir, by the way, introduced the threshold terminology in a paper [SH79] which
independently invented the idea of threshold scheme a few months after [BL79], and
gave a better example of how to implement the notion. After the Blakley [BL79] and
Shamir [SH79] papers appeared, several people interested in information theory and
computer science took up the topic. Asmuth and Bloom [AS81] produced a huge family of
threshold schemes, of which Shamir's was a special case. They also gave the only way
known to date for "spoofproofing" a threshold scheme, a notion we won't consider
further here. But they paid a price for this extra feature, a small departure from
Shannon perfect security. Then Bloom [BL81b] generalized the one-time pad (really the
2 out of 2 case of a threshold scheme, rather than a true | Hi HO; i)KK2, p. I r> 7 1
cryptosystem) so as to produce essentially the fastest possible threshold scheme. He
also noted that it is possible to reduce message expansion in a threshold scheme, but
only at the cost of reducing security.
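
An added example, not taken from the proposal, of the perfect-security statement above, using Shamir's polynomial scheme [SH79] for the 4 out of 9 case. The tiny field GF(11), the sample substance and random values, and the function names are assumptions chosen so that every random choice can be enumerated; Shamir's construction draws k-1 random field elements per substance.

```python
from itertools import product

P = 11          # prime field size (assumed); must exceed N so points 1..N are distinct
K, N = 4, 9     # the 4 out of 9 case used in the text

def shadow(coeffs, x):
    """Value at x of the polynomial whose constant term is the substance."""
    return sum(c * pow(x, j, P) for j, c in enumerate(coeffs)) % P

def make_shadows(substance, randoms):
    """Shadow i is f(i), f(x) = substance + r1*x + ... + r_(K-1)*x^(K-1) mod P."""
    if len(randoms) != K - 1:
        raise ValueError("need K-1 random field elements")
    coeffs = [substance % P] + [r % P for r in randoms]
    return {x: shadow(coeffs, x) for x in range(1, N + 1)}

def reconstruct(shadows):
    """Lagrange interpolation at x = 0 from exactly K shadows {x: f(x)}."""
    if len(shadows) != K:
        raise ValueError("need exactly K shadows")
    total = 0
    for xi, yi in shadows.items():
        num = den = 1
        for xj in shadows:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def posterior_counts(known):
    """For each candidate substance, count the random choices that would have
    produced exactly the shadows in `known`. Equal counts mean the opponent's
    a posteriori odds equal the a priori odds."""
    counts = [0] * P
    for s in range(P):
        for randoms in product(range(P), repeat=K - 1):
            coeffs = (s,) + randoms
            if all(shadow(coeffs, x) == y for x, y in known.items()):
                counts[s] += 1
    return counts

if __name__ == "__main__":
    sh = make_shadows(7, (3, 5, 2))               # constructed sample values
    three = {x: sh[x] for x in (2, 5, 8)}         # opponent holds 3 shadows
    four = {x: sh[x] for x in (2, 5, 8, 9)}       # opponent holds 4 shadows
    print(posterior_counts(three))   # every candidate equally consistent
    print(posterior_counts(four))    # a single candidate remains
    print(reconstruct(four))
```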

Blakley [BL79], Shamir [SH79], Asmuth and Bloom [AS81], and Bloom [BL81b]
independently discovered that any k out of n threshold scheme which made use of a
finite field [JA64, pp. 58-62; PL82, pp. 44-38; BL83a, pp. 63-92] required that the
field contain at least n elements. Bloom gave a persuasive argument [BL81b] to the
effect that this was necessary in order to attain Shannon perfect security. Davida,
DeMillo and Lipton [DA80] produced another threshold scheme. Hellman, in company with
his students Karnin and Greene [KAH i], produced schemes without sharp thresholds and
showed that adding certain desirable features to threshold schemes necessarily impairs
Shannon perfect security, thus explaining what Asmuth and Bloom [AS81] had observed
regarding spoof proofing. McEliece and Sarwate [MC81] produced yet another threshold
scheme, and drew the theories of threshold schemes and of error correcting codes into
a single compass by exhibiting an explicit relationship between Shamir's [SH79] scheme
and Reed-Solomon codes [RE60; BE74, pp. 70-71].

Two aspects of threshold schemes worth noting explicitly are:

I. Threshold schemes are related to error correcting codes. But the "decode" in
a threshold scheme is trivial, whereas decode can be a formidable [BE78;
NT81] problem, even an NP-complete [GA78] problem, in an error correcting
code.

II. As of 1982, most k out of n threshold schemes made use of finite fields
(Galois fields) [JA64, pp. 58-62; MA77, pp. 93-124; PE72, pp. 144-169]. All
[AS83; BL79; BL81b; SH79] such schemes required a field with at least n
elements.

Last year, Asmuth and Blakley [AS82] explicitly enunciated the red noise problem
and solved it by means of a p/s/r process based on the Chinese Remainder Theorem.

This p/s/r process could be viewed as being just "an Asmuth-Bloom threshold scheme
completely lacking in cryptographic security". Its great advantage was its
flexibility in dealing with information sources with very different bit rates. Years
ago Stone [ST63] had used much the same approach to solve a problem in the theory of
error correcting codes.

4b. Technical approach. With this background it is now possible to give the
general framework of the present research. The principal investigator, Bob Blakley,
has already taken a Bloom threshold scheme and produced from it the corresponding
p/s/r process. It will be called, simply, a Bloom p/s/r process below. He has
simulated its operation on a high speed digital computer.

The k out of n case of this Bloom p/s/r process works as follows. Suppose
that b is a whole number (positive integer [MA67, p. 47]) so big that $2^b \ge n$. Then
any ancestral list (a(1), a(2), ..., a(k)) of k words [MA67, p. 43] (each of which
is a b-bit word) is turned into a descendant list (d(1), d(2), ..., d(n)) of n
b-bit words. This is the encode (i.e. the pool/split) process. It is done in such a
way that any k-word sublist [MA67, p. 228] (d(j(1)), d(j(2)), ..., d(j(k))) of the
descendant list (d(1), d(2), ..., d(n)) contains enough information to reclaim the
ancestral list (a(1), a(2), ..., a(k)) in its entirety. This is done by a decode
(i.e. restitute) process which uses no more than trivial linear algebra over the
finite field $GF(2^b)$. By comparison with threshold schemes and error correcting codes
this Bloom-style p/s/r process has the following features.

I. Its k out of n case effects only (n/k)-fold message expansion. Thus its
8 out of 10 case effects a 25% message expansion (from 1 unit to 10/8 = 1.25
units). This expansion is quite obviously best possible for a scheme which
can recover eight b-bit ancestral words from any eight of ten b-bit
descendant words.

II. The Bloom p/s/r is, to all intents and purposes, the p/s/r process which uses
the smallest possible number of arithmetic operations in the finite field it
utilizes. Its "encode" (i.e. pool/split) and "decode" (i.e. restitute)
processes are both trivial, exhibiting much less computational complexity
than the decodes in any error correcting code which might be adapted to do
the same job. The reason for this is that the error correcting code exhibits
overkill because it is a general purpose tool. It is invented to deal with
many more types [f!A80, p. 24] of "errors" than one encounters when dealing
with red noise. This p/s/r process is a special-purpose tool for dealing
with red noise.

III. P/s/r processes are not cryptographic objects in any sense of the word. They
do not involve any type of cryptosecurity. They do nothing more than guard
against loss of signal, and therefore fall within the general area of error
control.

4c. Anticipated benefits. The linear algebra of large finite fields can take
many machine cycles per multiply or divide. It can also, in the worst circumstances,
make considerable demands on memory. During 1983 a heuristic principle has come to
light which massively reduces this aspect of the computation in numerous cases. From
Bloom p/s/r processes it produces hyperfast p/s/r processes which encode and decode
bytes or larger words in less than ten machine cycles (on highly parallel processors)
for almost all practical choices of k and n. This heuristic suggests the
possibility of comparable reductions in many other cases. Consider an example which
at first blush seems extreme. In April, 1983 we have reduced the memory requirements
for one implementation of a 60 out of 62 scheme by orders of magnitude. As regards
the parameters, 60 out of 62, one cannot readily conceive of so many fibers joining
two nodes. But, returning to the packet-switching example above, it is easy to
imagine one or two packets out of sixty going astray. Also, recently developed
continuously reconfiguring multimicroprocessor control systems [EL83] appear to have
many virtual channels.

At  any  rate  it  appears  that  this  heuristic  principle  —  already  successful  in 
making  a  k  out  of  k+1  or  a  k  out  of  k+2  Bloom  p/s/r  process  capable  of 
decoding  in  something  like  3k  machine  cycles  on  an  ordinary  microprocessor,  and  in 
about  log(k)+2  cycles  on  a  parallel  processor  —  will  lead  to  ways  to  reduce  the  run 
time  of  hardware  implementation  of  all  k  out  of  n  schemes  by  comparable  amounts. 
This  should  make  them  able  to  run  on  gate  arrays,  programmable  logic  arrays  or  other 
standard  cell  [NE83,  pp.  470-471]  hardware,  or  even  other  cheap  off-the-shelf  devices 
at  rates  well  above  the  megabit  per  second  range. 

The ability to code and decode at such bit rates becomes increasingly desirable
with the emergence of tiny cheap cleaved coupled-cavity lasers [TH83]. They make it
possible to use a 73 mile fiber without a repeater [AB83] to communicate at 420
megabits per second with an error rate of $10^{-9}$ [TH83; LI83, p. 363]. It seems likely
[1 008 3] that terabit per second communication systems are in the offing now that 30
femtosecond light pulses are available. Theoretically, further orders-of-magnitude
improvements in processing gains because of exploitation of photonic efficiency of
detectors [GA83, p. 526] as well as by means of preservation of polarization [KA83]
are possible even after that. Until optical computers are developed we will need
code/decode schemes of minuscule computational complexity to deal with such bit rates.

The hyperfast p/s/r processes have a further advantage, in addition to low
computational complexity (which amounts to high-speed low-cost implementability on
simple hardware). They can also be implemented in a highly parallel way, so that
separate devices can do concurrent decoding for separate channels, and each device can
do many operations in parallel.

It is now clear how to move digital information with minimum redundancy and
maximum speed (an unusual plus, best possible in two ways) at a modest dollar cost
(which does, however, rise with desired data throughput rate) so as to overcome a
predetermined level of threat of channel failure.

Presumably the existence of such a capability could affect the design of
everything from chips to the fiber "wiring" of missiles, ships, tanks, planes and the

The expected form of the encode algorithm is so similar to the expected form of
the decode that we will not discuss it here. See Section 6 below.

The first technical objective of Phase I, then, is production of the encode
algorithm and the decode algorithm for the k out of n case of a hyperfast p/s/r
process. Each of these is in the form of a bunch of separate and independent dot
products in k or n dimensional vector spaces over $GF(2^b)$ for some positive
integer b near log(k).

The second technical objective is a portfolio of abstract design principles for
implementation of such a p/s/r process. YLYK Ltd. plans to sketch the abstract
principles behind implementing such a k out of n p/s/r process by means of an
existing 16-bit microprocessor, an existing programmable logic array or gate array,
and a hypothetical vector microprocessor with a 16-bit word size, and vectors of up to
1024 words.

It is to be emphasized that the plan for Phase I is to deliver the encode and
decode algorithms in definitive and final form. But YLYK Ltd. will only sketch, as
time allows, the basic abstract features of hardware implementation. YLYK Ltd. will
not produce hardware, or even the final design of hardware, in Phase I.

6. Phase I work plan.

It  is  no  longer  possible  to  avoid  technicalities.  Before  we  describe  the 
heuristic  device  for  producing  these  cases  of  hyperfast  p/s/r  processes  and, 
thereafter,  finding  the  general  hyperfast  p/s/r  process  it  is  necessary  to  look  more 
deeply  into  the  geometry  of  Bloom  p/s/r  processes.  The  collection 

$$V(k,F) = \{(1, m, m^2, m^3, \ldots, m^{k-1}) \in F^k : m \in F\}$$

is in general position [YA68, p. 164; MA77, p. 326] in the k-dimensional vector space
$F^k$ over any field F. In other words, suppose that k lies between 2 and the
cardinality [MA67, p. 53] of F. Then every k by k matrix of the form

$$\begin{bmatrix}
1 & m(1) & m(1)^2 & \cdots & m(1)^{k-1} \\
1 & m(2) & m(2)^2 & \cdots & m(2)^{k-1} \\
\vdots & \vdots & \vdots & & \vdots \\
1 & m(k) & m(k)^2 & \cdots & m(k)^{k-1}
\end{bmatrix}$$

(where the m(i) are pairwise distinct) is nonsingular because it is a Vandermonde
matrix [HO71, p. 125]. The formal definition, then, is that a set of vectors is in
general position in a k-dimensional vector space W if every one of its k-member
subsets is a basis for the space W. More important than what we said about V(k,F),
but far less trivial, is the fact that

$$V^*(k,F) = V(k,F) \cup \{(0,0,\ldots,0,1,0,\ldots,0)\} = V(k,F) \cup \{e\}$$

(where the 1 is in any position) is also in general position. This requires use of
the theory of symmetric polynomials [RK67, pp. 457-458]. So getting just one more
vector into the set takes a lot more doing. But so far the extra effort seems
essential to what we propose to do. The way a Bloom k out of n p/s/r process
works is to take a fairly large set of vectors (at least n of them) in general
position in the k-dimensional vector space $GF(q)^k$ over the field GF(q) of q
elements. There's no harm in taking $V^*(k, GF(q))$ if $q \ge n$. Suppose that q is a
power of 2, i.e. that $q = 2^b$. Suppose, also, that the p/s/r process is meant to
work by accepting one b-bit word after another from each of k input channels
(ancestral channels) at the source. It should then send one b-bit word after another
down each of n descendant channels to the receiver. Each one of these descendant
channels is identified with a vector belonging to $V^*(k, GF(2^b))$. Once some channels
fail, and a decoding scheme is employed on k of the channels which still work, it
acts the same way on every successive b bits in each channel. So it suffices to
look at a single time slice through the system. In such a slice encoding is done by
defining a linear map [HO71, p. 67] $L : GF(2^b)^k \to GF(2^b)$ by setting

L(w(i)) = the ith b-bit ancestral message

for the vectors w(1), w(2), ..., w(k), in some ordering of $V^*(k, GF(2^b))$, which
corresponds to the k ancestral inputs. These are assumed to be sent unaltered down
the first k descendant channels. In addition to that, the sender solves for any
other member y of $V^*(k, GF(2^b))$ in the form

y = c(y,1)w(1) + ... + c(y,k)w(k)

as a linear combination of the w(i) with coefficients c(y,i) drawn from $GF(2^b)$.
Down the channel corresponding to y is sent the message

Ly = L(c(y,1)w(1) + ... + c(y,k)w(k)) = c(y,1)Lw(1) + ... + c(y,k)Lw(k).

Addition is $GF(2^b)$ addition (i.e. exclusive or, XOR, of b-bit words) and
multiplication is $GF(2^b)$ multiplication, since both c(y,i) and Lw(i) are members
of $GF(2^b)$. All the linear algebra is a precomputation, of course. Hence the c(y,i)
are available before encoding starts. Decoding involves a once-for-all solution
(another precomputation) of linear equations to find the {w(1), w(2), ..., w(k)} in
terms of a collection of any k of the y's. This gives the Lw(i)'s (the ancestral
b-bit messages) in terms of the Ly's (the descendant b-bit messages). The whole
thing works because any k members of $V^*(k, GF(2^b))$ are a basis for the vector
space $GF(2^b)^k$, i.e. because of the general position assumption.

This sounds abstract, for the usual reason. It was written to fit into a small
compass, without too many numbers and subscripts littering the printed page. But all
the objects are explicitly given. For example, a 3 out of 7 p/s/r process could
make use of the field GF(8), the 3-dimensional vector space $GF(8)^3$, and the
9-member set

$$V^*(3, GF(8)) = \{(1, m, m^2) : m \in GF(8)\} \cup \{e\},$$

where e is either (0,1,0) or (0,0,1). For a Bloom p/s/r process it doesn't
matter which. For our purposes, building hyperfast p/s/r processes, the choice of e
seems to be crucially important. It appears to require an amount of trial and error
tedious for humans, but trivial on a computer.

A k out of n Bloom threshold scheme would require use of $GF(2^b)$ where
$2^b > n$. Thus a 990 out of 1000 scheme would require GF(1024) multiplications. In
table lookup mode this would require a table of over one million 10-bit words.
Obviously one would trade time off against memory, but then each multiplication would
involve dozens of machine cycles, and each division could require hundreds. The
simple heuristic we describe below says that the threshold scheme analogy is
hopelessly pessimistic. A 990 out of 1000 hyperfast p/s/r process should require only
GF(16) multiplications. This uses only a table of 256 four-bit words.

The heuristic for producing hyperfast k out of $2^b+1$ p/s/r processes which use
linear algebra over extremely small fields of characteristic two [JA64, p. 61; PL82,
p. 46; BL83a, p. 80] goes as follows. Do not use just any collection of $2^b+1$
vectors in general position over $GF(2^b)^k$. Use $V^*(k, GF(2^b))$, where the vector
e = (0,0,...,0,1,0,...,0) is chosen by trial and error from among the k possible
unit coordinate vectors [NO69, pp. 473-474] in $GF(2^b)^k$ to satisfy the following
condition.

Heuristic: A k out of k+j hyperfast p/s/r process can be formed, in the Bloom
manner, over GF(2^) if j < 2^. Form a Bloom p/s/r process using V*(k, GF(2^))
for each possible choice of e = (0,0,...,0,1,0,...,0) and examine the corresponding
coefficients c(y,i). There is a minimal e, in the sense that all the c(y,i) for
this e belong to a smallest subfield of $GF(2^u)$, where $2^u > k+j$. This minimal e
may have the property that all c(y,i) belong to GF(2 ), where j < 2 , and where
e is the smallest integer exponent for which this is true.

In the following paragraphs we will give some motivation for the heuristic. Here
is a summary of the known cases of a hyperfast p/s/r process it has suggested,
directly or indirectly:

4 out of 5 over GF(2), followed by general k out of k+1 over GF(2);

3 out of 6 over GF(4), and 4 out of 6 over GF(4);

7 out of 14 over GF(8).

This last was made possible, with limited computer power, by adroit use of Zech's
logs [MA, p. 91-92]. It might lead to a more general k out of k+7 hyperfast p/s/r
process over GF(8) soon. Conceivably the cases 8 out of 14, 9 out of 14, and 10
out of 14 can also be produced over GF(8) and made to give rise to more general
cases involving k out of k+7, k out of k+6, k out of k+5 and k out of k+4
over GF(8). But to get such things as a k out of k+8 p/s/r process using only
the arithmetic of GF(16) will likely require the effort and the computer power of an
IBM PC programmed in assembly language running for hours.

We recall that GF(2) = Z/(2) is [BL83a, pp. 69,75] the field of two elements,
i.e. the integers modulo 2, i.e. the set {0,1} under the addition and multiplication
tables

The following encode and decode rules obviously work for a 4 out of 5 p/s/r,
where all arithmetic is done in GF(2). To encode (i.e. to pool/split) an ancestral
list (a(1), a(2), a(3), a(4)) of four 1-bit words, let

d(1) = a(1); d(2) = a(2); d(3) = a(3); d(4) = a(4);

d(5) = a(1) + a(2) + a(3) + a(4).

To decode if d(5) is missing set:

a(1) = d(1); a(2) = d(2); a(3) = d(3); a(4) = d(4).

If d(1) is missing set:

a(1) = d(2) + d(3) + d(4) + d(5); a(2) = d(2); a(3) = d(3); a(4) = d(4).

If d(2) or d(3) or d(4) is missing the obvious analog of the case immediately above
decodes successfully. This can be more readily seen in terms of matrices over [HO71,
p. 6] the field GF(2)

$$M[3] = \begin{pmatrix} 1&0&0&0&0 \\ 0&1&0&0&0 \\ 1&1&0&1&1 \\ 0&0&0&1&0 \end{pmatrix}, \quad
M[4] = \begin{pmatrix} 1&0&0&0&0 \\ 0&1&0&0&0 \\ 0&0&1&0&0 \\ 1&1&1&0&1 \end{pmatrix}, \quad
M[5] = \begin{pmatrix} 1&0&0&0&0 \\ 0&1&0&0&0 \\ 0&0&1&0&0 \\ 0&0&0&1&0 \end{pmatrix}$$

Then encoding is the rule D = EA. And decoding is the rule A = M[i]D when d(i)
is missing. This works because

M[i]D = M[i](EA) = (M[i]E)A = IA = A

when the ith entry of D is absent. This is because every M[i] is a left inverse
[NO69, p. 11] of the nonsquare matrix E, and because M[i]D is independent of d(i)
(since the ith column of M[i] contains only zeros). Clearly [NO69, pp. 11-17,
132-135] E cannot have a right inverse [NO69, p. 11].


Instead  of  a  4  out  of  5  p/s/r  we  could  as  easily  have  defined  a  k  out  of 
k+1  p/s/r  process  using  only  the  arithmetic  of  GF(2).  This  is  quite  unlike  what 
happens  when  threshold  schemes  are  involved.  To  implement  a  k  out  of  k+1 
threshold  scheme  you  must  use  the  arithmetic  of  the  much  larger  field  GF(Q),  where 
Q  >  k+1. 

The extreme simplicity of this k out of k+1 p/s/r process (its use of only
GF(2) arithmetic) is not a fluke. Moving up the scale, it is possible to implement a
k out of k+3 hyperfast p/s/r process using only the arithmetic of GF(4). This is,
one recalls [MA77, p. 101; BL83a, p. 75], the set {0,1,r,s} under the addition and
multiplication tables

It is commonplace to represent these four "numbers" as 2-bit words:

0 = (0,0); 1 = (0,1); r = (1,0); s = (1,1).

Evidently, then, + is just the 2-bit word exclusive or operation, XOR. And * can
be implemented by means of a table with sixteen 2-bit entries.


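For brevity we merely give the matrix form of a 3 out of 6 hyperfast p/s/r
process in terms of matrices over [HO71, p. 6] the field GF(4).

$$A = \begin{pmatrix} a(1) \\ a(2) \\ a(3) \end{pmatrix}, \quad
D = \begin{pmatrix} d(1) \\ d(2) \\ d(3) \\ d(4) \\ d(5) \\ d(6) \end{pmatrix}, \quad
E = \begin{pmatrix} 1&0&0 \\ 0&1&0 \\ 0&0&1 \\ 1&1&1 \\ 1&r&s \\ 1&s&r \end{pmatrix}$$

$$M[1,2,3] = \begin{pmatrix} 0&0&0&1&1&1 \\ 0&0&0&1&s&r \\ 0&0&0&1&r&s \end{pmatrix}$$
$$M[1,2,4] = \begin{pmatrix} 0&0&1&0&s&r \\ 0&0&1&0&1&1 \\ 0&0&1&0&0&0 \end{pmatrix}$$
$$M[1,2,5] = \begin{pmatrix} 0&0&s&r&0&s \\ 0&0&r&s&0&s \\ 0&0&1&0&0&0 \end{pmatrix}$$
$$M[1,2,6] = \begin{pmatrix} 0&0&r&s&r&0 \\ 0&0&s&r&r&0 \\ 0&0&1&0&0&0 \end{pmatrix}$$
$$M[1,3,4] = \begin{pmatrix} 0&1&0&0&r&s \\ 0&1&0&0&0&0 \\ 0&1&0&0&1&1 \end{pmatrix}$$
$$M[1,3,5] = \begin{pmatrix} 0&r&0&s&0&r \\ 0&1&0&0&0&0 \\ 0&s&0&r&0&r \end{pmatrix}$$
$$M[1,3,6] = \begin{pmatrix} 0&s&0&r&s&0 \\ 0&1&0&0&0&0 \\ 0&r&0&s&s&0 \end{pmatrix}$$
$$M[1,4,5] = \begin{pmatrix} 0&s&r&0&0&1 \\ 0&1&0&0&0&0 \\ 0&0&1&0&0&0 \end{pmatrix}$$
$$M[1,4,6] = \begin{pmatrix} 0&r&s&0&1&0 \\ 0&1&0&0&0&0 \\ 0&0&1&0&0&0 \end{pmatrix}$$
$$M[1,5,6] = \begin{pmatrix} 0&1&1&1&0&0 \\ 0&1&0&0&0&0 \\ 0&0&1&0&0&0 \end{pmatrix}$$
$$M[2,3,4] = \begin{pmatrix} 1&0&0&0&0&0 \\ 1&0&0&0&r&s \\ 1&0&0&0&s&r \end{pmatrix}$$
$$M[2,3,5] = \begin{pmatrix} 1&0&0&0&0&0 \\ s&0&0&r&0&1 \\ r&0&0&s&0&1 \end{pmatrix}$$
$$M[2,3,6] = \begin{pmatrix} 1&0&0&0&0&0 \\ r&0&0&s&1&0 \\ s&0&0&r&1&0 \end{pmatrix}$$
$$M[2,4,5] = \begin{pmatrix} 1&0&0&0&0&0 \\ r&0&s&0&0&r \\ 0&0&1&0&0&0 \end{pmatrix}$$
$$M[2,4,6] = \begin{pmatrix} 1&0&0&0&0&0 \\ s&0&r&0&s&0 \\ 0&0&1&0&0&0 \end{pmatrix}$$
$$M[2,5,6] = \begin{pmatrix} 1&0&0&0&0&0 \\ 1&0&1&1&0&0 \\ 0&0&1&0&0&0 \end{pmatrix}$$
$$M[3,4,5] = \begin{pmatrix} 1&0&0&0&0&0 \\ 0&1&0&0&0&0 \\ s&r&0&0&0&s \end{pmatrix}$$
$$M[3,4,6] = \begin{pmatrix} 1&0&0&0&0&0 \\ 0&1&0&0&0&0 \\ r&s&0&0&r&0 \end{pmatrix}$$
$$M[3,5,6] = \begin{pmatrix} 1&0&0&0&0&0 \\ 0&1&0&0&0&0 \\ 1&1&0&1&0&0 \end{pmatrix}$$
$$M[4,5,6] = \begin{pmatrix} 1&0&0&0&0&0 \\ 0&1&0&0&0&0 \\ 0&0&1&0&0&0 \end{pmatrix}$$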

To encode, set D = EA. To decode, set A = M[w,x,y]D when d(w), d(x) and d(y)
are missing. This works because

M[w,x,y]D = M[w,x,y](EA) = (M[w,x,y]E)A = IA = A

even though the wth, xth and yth entries (d(w), d(x) and d(y)) of D are
unknown (the product M[w,x,y]D is independent of them because the wth, xth and
yth columns of M[w,x,y] are zero). It is easy to verify that, in the arithmetic of
GF(4), every one of the twenty matrices M[w,x,y] is a left inverse of E. Finally,
it is a straightforward matter to produce k out of k+3 generalizations of this
hyperfast p/s/r process, using only the arithmetic of GF(4).
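
The claim that each of the twenty M[w,x,y] is a left inverse of E can be checked mechanically. The Python below is an added example, not the report's own program: it takes E and the 2-bit representation of GF(4) from the text, assumes the standard GF(4) multiplication table (r*r = s, r*s = 1, s*s = r), and derives each M[w,x,y] by inverting the three surviving rows of E. All function names are illustrative.

```python
from itertools import combinations

# GF(4) = {0, 1, r, s} stored as the 2-bit words the text gives:
# 0=(0,0), 1=(0,1), r=(1,0), s=(1,1). Addition is XOR of the 2-bit words.
R, S = 2, 3
# Sixteen-entry multiplication table (assumed standard GF(4):
# r*r = s, r*s = 1, s*s = r).
MUL = [[0, 0, 0, 0],
       [0, 1, 2, 3],
       [0, 2, 3, 1],
       [0, 3, 1, 2]]
INV = {1: 1, R: S, S: R}  # multiplicative inverses

# Encode matrix E of the 3 out of 6 process, copied from the text.
E = [[1, 0, 0],
     [0, 1, 0],
     [0, 0, 1],
     [1, 1, 1],
     [1, R, S],
     [1, S, R]]
K, N = 3, 6


def dot(u, v):
    """Dot product over GF(4): table lookup multiplies, XOR adds."""
    acc = 0
    for a, b in zip(u, v):
        acc ^= MUL[a][b]
    return acc


def encode(a):
    """D = EA: three ancestral 2-bit words in, six descendant words out."""
    return [dot(row, a) for row in E]


def invert(m):
    """Gauss-Jordan inverse of a square matrix over GF(4)."""
    n = len(m)
    aug = [list(row) + [int(i == j) for j in range(n)]
           for i, row in enumerate(m)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            raise ValueError("singular matrix: rows not in general position")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        scale = INV[aug[col][col]]
        aug[col] = [MUL[scale][x] for x in aug[col]]
        for r in range(n):
            f = aug[r][col]
            if r != col and f:
                aug[r] = [x ^ MUL[f][y] for x, y in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def left_inverse(missing):
    """M[w,x,y]: the 3 by 6 left inverse of E whose columns w, x, y
    (1-based channel numbers) are zero."""
    alive = [i for i in range(N) if i + 1 not in missing]
    block = invert([E[i] for i in alive])
    m = [[0] * N for _ in range(K)]
    for j, col in enumerate(alive):
        for i in range(K):
            m[i][col] = block[i][j]
    return m


def decode(d):
    """A = M[w,x,y]D. d holds six words, with None for each lost channel."""
    missing = [i + 1 for i, w in enumerate(d) if w is None]
    if len(missing) > N - K:
        raise ValueError("more than 3 of the 6 channels lost")
    # With fewer than 3 losses, ignore surplus channels (highest first).
    for i in range(N, 0, -1):
        if len(missing) < N - K and i not in missing:
            missing.append(i)
    m = left_inverse(missing)
    filled = [0 if w is None else w for w in d]  # zero columns ignore these
    return [dot(row, filled) for row in m]


def count_valid_left_inverses():
    """Count the triples (w,x,y) for which M[w,x,y]E = I."""
    identity = [[int(i == j) for j in range(K)] for i in range(K)]
    cols = [[E[r][j] for r in range(N)] for j in range(K)]
    good = 0
    for missing in combinations(range(1, N + 1), N - K):
        m = left_inverse(missing)
        if [[dot(row, c) for c in cols] for row in m] == identity:
            good += 1
    return good


if __name__ == "__main__":
    a = [R, 1, S]                      # constructed ancestral words
    d = encode(a)
    d[0] = d[2] = d[4] = None          # channels 1, 3 and 5 fail
    print(decode(d), count_valid_left_inverses())
```

Because any three rows of E are linearly independent over GF(4), the inversion never fails and the left inverse with the required zero columns is unique for each triple.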

The major part of the work plan is to write, to run, and to analyze the output
of, computer programs for using the heuristic principle to find the encode and decode
algorithms for successively larger cases of hyperfast p/s/r processes. This will
involve a great deal of run time. Hence it will be necessary to obtain an IBM PC and
use it throughout the project. See Section 8 below. First we propose to find the
form of general:

k out of k+4; k out of k+5; and k out of k+6

p/s/r processes using only GF(8) arithmetic, then general

k out of k+7, ..., k out of k+14

p/s/r processes using only GF(16) arithmetic, then general

k out of k+15, ..., k out of k+30

p/s/r processes using only GF(32) arithmetic, and so on. These results, which
already contain the larger part of the foreseeable practical use of cheap hyperfast
p/s/r processes, can be expected to lead to the form of the general k out of k+j
p/s/r process using only the arithmetic of GF(2^), where j < 2^.

Once this is done, the rest of the work plan is to do an abstract design of
hardware implementation of p/s/r processes. For packet switching [SL81] and other
sequential-arrival-of-words type applications, low cost and minimum parallelism may be
the overriding design consideration. For other applications, perhaps involving
physically parallel channels transmitting concurrently, cost and use of off-the-shelf
components may take a back seat to speed. In this case it may be necessary to provide
abstract designs of encode and decode processes utilizing parallel processing, or even
the ultimate ultraparallel implementation so as to approach the four-machine-cycle
ideal of encoding and decoding speed mentioned in Section 5 above.

The last part of the work plan, also an abstract design task, is to sacrifice
speed or economy or both so as to produce general purpose decoders. In other words we
want to classify the pairs ((k,n), (k*,n*)) with the property that an encoder
(resp. decoder) for a k out of n p/s/r process will encode (resp. decode) for a
k* out of n* process as well.

Cases of this are known. It is easy to turn the implementation of a 3 out of
6 hyperfast p/s/r process using only GF(4) arithmetic into the implementation of a
2 out of 4 hyperfast p/s/r process using only GF(4) arithmetic by "tying some
channels to ground", i.e. by sending only zeros over them (or having the receiver
pretend that only zeros are sent over them). We omit details, which a reader can
easily work out. Obviously you pay a price in bandwidth. In this example a 3 megabit
per second throughput is reduced to 2 megabits per second. It is reasonable to
conjecture that a k out of n implementation can be trivially turned into a k*
out of n* implementation this way if k* k, n* < n, and n*-k* < n-k. It would
be desirable to verify this conjecture and, if possible, extend it. The advantage of
having a few versatile boxes (general purpose communication tools) can sometimes
outweigh the panoply of unique advantages peculiar to each of a large number of
dedicated boxes (precision single purpose tools) in a military context.

Actual hardware design is not part of Phase I. It will be left to Phase II.

7. Phase I statement of work.

The work will start with the production, and numerous runs, of a program to
implement the heuristic device described in Section 6 above. It is strongly indicated
by much evidence in the cases n = k, n = k+1, n = k+2, n = k+3, and n = k+7
that a properly chosen Bloom p/s/r gives rise to an appropriate hyperfast p/s/r for
any choice of k and n. The program will produce the list of matrices which embody
this hyperfast k out of n case, for each choice of k and n. By the end of two
months the first of these results (the cases 4 < k < 7, n around 60) will be
available. Within the following month or two, the other cases most important to the
general solution of the problem of building all hyperfast p/s/r processes should be
available. They may not be in the best form. If not, an interactive matrix
manipulation program will be produced to format them in the manner most conducive to
reading off the general structure of the matrices which embody a hyperfast p/s/r
process. The last two months will be devoted to discovering, and then proving
correct, the form of the general hyperfast p/s/r process. Even if the general
solution is not found, most cases with any conceivable practical importance will have
been settled.

The abstract design principles for implementation can proceed concurrently with
the discovery process over the last 4 of the 6 months of the project. The reason for
this is that the general form of the solution is known. Both encode and decode are
dot products between vectors in an n dimensional or a k dimensional vector space.
What is not yet conclusively demonstrated, though we gave a well motivated conjecture
in Section 6, is the size of the fields underlying these vector spaces for a given
choice of n and k. And the number of occurrences of each member of that field is
quite mysterious. But, as these pieces fall into place case by case, the abstract
design principles can evolve iteratively.

At the end of the sixth month YLYK Ltd. will deliver a report. The report will
contain a catalog of k out of n cases of hyperfast p/s/r processes embodied in
lists of matrices for various important values of k and n. If the work meets with
complete success it will in fact give the form of the list of matrices embodying the
general k out of n hyperfast p/s/r. Finally, it will describe the abstract design
principles of implementing such p/s/r processes on currently available off-the-shelf
hardware, as well as on a hypothetical vector machine or even a hypothetical
ultraparallel processor.

P.  Facilities/equipment. 

So far the hyperfast k out of k+1, 4 out of 6, 3 out of 6, and 7
out of 14 cases of a p/s/r process have been produced with no more computer power
than  an  Ilf-  ■'•!(:.  This  is  because  the  fields  in  question  are  quite  small.  Hence  no 
matrix larger than 14 by 14 is needed to turn the heuristic principle described in
Section 6 above into an infinite collection of encode/decode tables. But in order to
go beyond this it will be necessary to at least double the size of the Galois field
in question. It will also be necessary to do linear algebra with matrices larger than
30 by 30. And by the time the general form of the encode/decode procedure for k
out of n processes emerges we will probably be dealing with something like a k out
of k+100 case. This will involve fields with more than 100 elements, and
(extremely sparse) matrices of size approximately 20,000 by 20,000 over such fields.

The calculations involved will require a computer capable of supporting FORTRAN,
as  well  as  being  easily  programmable  in  its  own  assembly  language,  and  with  sizable 
memory.  The  IBM  Personal  Computer  is  just  about  the  smallest  of  the  machines  capable 
of  carrying  out  this  program.  But  with  64K  RAM,  and  assuming  adroit  programming  and 
use  of  disk  memory,  it  will  be  possible  to  explore  the  consequences  of  the  heuristic 
principle  mentioned  in  Section  6  above  within  the  size  ranges  aforementioned.  No 
other  special  equipment  will  be  required  to  complete  the  project. 

The  2-room  facilities  available  to  YLYK  Ltd.  at  Ann  Arbor  are  adequate  to  the 
task at hand. They can accommodate the IBM PC and provide the principal investigator
with  a  work  area  and  necessary  library  and  drafting  facilities.  Other  personnel  can 
be  accommodated  there,  or  else  assigned  duties  to  be  performed  on  their  own  premises 
in  consultant  fashion. 

9.  Consultants. 

Charles Asmuth (Ph.D., Mathematics, University of Chicago, 1976) did postdoctoral
work at the Institute for Advanced Study in Princeton, New Jersey. He taught in the
department of mathematics at Texas A&M before taking his present position as a
professor in the department of mathematics and computer science at Rutgers University
(Newark). He is author or coauthor of some ten papers in mathematics and its
applications, especially information theory and cryptography. He will be a consultant
on the proposed research. His combination of knowledge in electrical engineering,
computer science and abstract algebra will be useful in going from the classification
of hyperfast p/s/r processes to implementation.

G. R. Blakley (Ph.D., Mathematics, University of Maryland, 1960) did postdoctoral
work at Cornell and Harvard. He has been on the mathematics department faculty of the
University of Illinois (Urbana), SUNY at Buffalo, and Texas A&M (where he was
department head for many years, and where he is currently a professor). He is author
or coauthor of some 30 papers in mathematics and its applications, especially
information theory and cryptography. He will be a consultant on the proposed
research.  His  expertise  in  linear  algebra  will  be  useful  in  finding  a  general  scheme 
under  which  the  anticipated  abundance  of  hyperfast  p/s/r  processes  can  be  classified. 

John Bloom (Ph.D., Mathematics, CalTech, 1977) taught at the department of
mathematics, Texas A&M University, before taking his present research and development
position at Chevron, La Habra, California. He is author or coauthor of some ten
papers and technical reports in mathematics and its applications, including
information theory. He will be a consultant on the proposed research. His expertise
in algebraic number theory and algebraic geometry will be especially useful in the
very first phase, formulating the programs which implement the heuristic based on the
Bloom p/s/r processes and produce examples of hyperfast p/s/r processes for various
choices  of  k  and  n. 

10. Related work. Bibliographic citations list.

Bob Blakley served as a draftsman for the City of Bryan, Texas, in the summer of
1978. He is an expert scientific programmer, having been employed at various times
over the last three years in software production and maintenance by research contracts
and grants in the Mathematics, Mechanical Engineering, Statistics, Chemistry,
Biochemistry and Biophysics departments of Texas A&M University, the Geophysical Fluid
Dynamics Laboratory at Princeton University and the University of Michigan Computer
Center, as well as for YLYK Ltd. of Ann Arbor, Michigan. He has had extensive
experience in algebraic scientific software production, some of it in collaboration
with G. R. Blakley. He has produced sizable module [HE74] theoretic generalizations
of linear algebraic programs for chemical applications. He has produced programs for
the arithmetic of g-adic rings [MA81] and the arithmetic of finite fields of
characteristic 2. He has implemented computer simulations of both the Asmuth-Blakley
[AS82] p/s/r analog of the Asmuth-Bloom threshold scheme [AS83] and the Bloom-style
p/s/r analog of the Bloom threshold scheme [BL81b]. He has a substantial academic
background in logic, computer science and natural languages. He is conversant with a
dozen computer languages, several of which are assembly languages.

C. A. Asmuth is one of the leading practitioners in the theory of threshold
schemes [AS83], p/s/r processes [AS82] and their applications [AS81]. He has a
practical familiarity with digital electronics extending back many years. His grasp
of abstract algebra and abstract harmonic analysis is highly sophisticated.

G. R. Blakley invented [BL79] threshold schemes, and is a major contributor
[BL80; BL81a; BL82] to their theory. With Asmuth, he first explicitly identified the
red noise problem [AS82] and solved it (though Bloom certainly [BL81b] foreshadowed
this solution). He works actively [BL83b] on minimal computational complexity
algorithms for scientific and mathematical computations. His interest in linear
algebra, and its applications outside mathematics, goes back twenty years, and has
issued in numerous publications not cited here because they are not directly related
to the topic at hand. The term linear algebra is used here in an expansive sense
which  includes  matrix  analysis  on  the  analytic  side,  and  integer  matrices  --  and,  more 
generally,  module  theory  --  on  the  abstract  algebraic  side.  He  is  currently  principal 
investigator  on  a  National  Security  Agency  grant  to  do  unclassified  research  in 
information  theory,  some  aspects  of  which  are  related  to  the  theory  and  practice  of 
p/s/r  processes. 

J. Bloom is the inventor of the Bloom threshold scheme [BL81b], the fastest
known. His work prefigured the development of the Bloom-style p/s/r processes and the
hyperfast p/s/r processes. His influence is major and his insight into every aspect
of the subject is incisive. His grasp of geometry, including algebraic geometry, is
powerful. He has devoted the last two years to sophisticated programming efforts on
computers  near  the  edge  of  the  envelope. 

C. Asmuth, Bob Blakley, G. R. Blakley and J. Bloom have all known each other for
more than five years. They communicate effortlessly with each other on technical
matters.  The  requested  travel  funds  will  be  used  to  get  two  or  more  of  them  together 
for  periods  of  several  days  at  several  points  during  the  work. 

11. Key Personnel.

YLYK Ltd. was incorporated in Delaware on 4 June 1979. It is currently
headquartered in Ann Arbor, Michigan. It has produced software, designed algorithms,
designed systems in the area of coding, communications and cryptography, and has
conducted  studies. 

Bob Blakley, born 13 July 1960 in Washington D.C., is a citizen of the U.S.A. and
a 1982 honors graduate of Princeton University. He married Karen Hejtmancik of
College Station, Texas, on 7 August 1982. His previous technical employment history
can be found in Section 10 above. He is currently involved in part time teaching and
graduate study in computer science at the University of Michigan. He is coauthor of
three papers on cryptography and information theory in Cryptologia, Volume 2 (1978),
pp. 305-321, Volume 3 (1979), pp. 29-42, and Volume 3 (1979), pp. 105-118. He is
president of YLYK Ltd., and will be principal investigator on the proposed research.

12.  Current  and  pending  support. 

SBIR  proposals  very  similar  to  this  proposal,  all  bearing  the  title 

High-speed  low-cost  ways  to  get  messages  from  a  sender  to  a  receiver  when 
some  channels  linking  them  become  inoperative, 

and  all  having  Bob  Blakley,  President,  YLYK  Ltd.,  as  principal  investigator  are  being 
submitted in May 1983 to the following DOD components under DOD Program Solicitation
Number 83.1, Small Business Research Program, Closing date 31 May 1983:

Please enter, on one line and separated by a blank,
the field-base and modulus to be used. The
field-base should be a decimal number and the
modulus should be an octal number.

Please enter the number of channels to be sent
by the transmitting node. This should be a
decimal number.

please enter the number of channels active at
the receivers node; this should be a decimal number.

DNF matrix for 8 out of 10
channels over GF 2**(4) mod 23

01 00 11 17 16 04 15 11 13 02
00 01 14 02 07 01 10 04 01 04

please enter, on one line and separated by blanks,
the numbers of the 8 channels active
at the receiving node. These numbers should be decimal
3 4 5 6 7 8 9 10

Decoder matrix for the active channels listed above is

please enter, on one line and separated by blanks,
the data received on each of the channels active at
the receivers node. The data should be in the form
of octal numbers, and should be entered in order of
increasing channel number.

12 13 14 15 16 17 07 14

the 8 transmitted cleartext words were
(octal numbers expressed in channel order):

10 11 12 13 14 15 16 17

do you want to decode another 8 words?
(type y or n).
n

Please enter, on one line and separated by a blank,
the field-base and modulus to be used. The
field-base should be a decimal number and the
modulus should be an octal number.

Please enter the number of channels to be sent
by the transmitting node. This should be a
decimal number.

10

please enter the number of channels active at
the receivers node; this should be a decimal number.

8

channels over GF 2**(4) mod 23 is:

01 00 11 17 16 04 15 11 13 02
00 01 14 02 07 01 10 04 01 04

please enter, on one line and separated by blanks,
the numbers of the 8 channels active
at the receiving node. These numbers should be decimal
2 3 4 6 7 8 9 10

Decoder matrix for the active channels listed above is:

please enter, on one line and separated by blanks,
the data received on each of the channels active at
the receivers node. The data should be in the form
of octal numbers, and should be entered in order of
increasing channel number.

11 12 13 15 16 17 07 14

the 8 transmitted cleartext words were
(octal numbers expressed in channel order):

10 11 12 13 14 15 16 17

do you want to decode another 8 words?

Please enter, on one line and separated by a blank,
the field-base and modulus to be used. The
field-base should be a decimal number and the
modulus should be an octal number.

Please enter the number of channels to be sent
by the transmitting node. This should be a
decimal number.
10

please enter the number of channels active at
the receivers node; this should be a decimal number.

8

DNF matrix for 8 out of 10
channels over GF 2**(4) mod 23 is:

01 00 11 17 16 04 15 11 13 02
00 01 14 02 07 01 10 04 01 04

please enter, on one line and separated by blanks,
the numbers of the 8 channels active
at the receiving node. These numbers should be decimal
2 3 4 5 6 7 8 10

Decoder matrix for the active channels listed above is:

please enter, on one line and separated by blanks,
the data received on each of the channels active at
the receivers node. The data should be in the form
of octal numbers, and should be entered in order of
increasing channel number.

11 12 13 14 15 16 17 14

the 8 transmitted cleartext words were
(octal numbers expressed in channel order):

10 11 12 13 14 15 16 17

do you want to decode another 8 words?
(type y or n).
n

Please enter, on one line and separated by a blank,
the field-base and modulus to be used. The
field-base should be a decimal number and the
modulus should be an octal number.

4 23

Please enter the number of channels to be sent
by the transmitting node. This should be a
decimal number.

10

please enter the number of channels active at
the receivers node; this should be a decimal number.

01 00 11 17 16 04 15 11 13 02
00 01 14 02 07 01 10 04 01 04

please enter, on one line and separated by blanks,
the numbers of the 8 channels active
at the receiving node. These numbers should be decimal
1 2 3 4 6 7 8 10

Decoder matrix for the active channels listed above is:

do you want to decode another 8 words?
(type y or n).

Please enter, on one line and separated by a blank,
the field-base and modulus to be used. The
field-base should be a decimal number and the
modulus should be an octal number.

4 23

Please enter the number of channels to be sent
by the transmitting node. This should be a
decimal number.

10

the receivers node; this should be a decimal number.
8

DNF matrix for 8 out of 10
channels over GF 2**(4) mod 23 is:

01 00 11 17 16 04 15 11 13 02
00 01 14 02 07 01 10 04 01 04

please enter, on one line and separated by blanks,
the numbers of the 8 channels active
at the receiving node. These numbers should be decimal
1 2 3 4 5 6 7 8

Decoder matrix for the active channels listed above is:

00 00 00 00 00 00 01 00 00 00
00 00 00 00 00 00 00 01 00 00

please enter, on one line and separated by blanks,
the data received on each of the channels active at
the receivers node. The data should be in the form
of octal numbers, and should be entered in order of
increasing channel number.

10 11 12 13 14 15 16 17

the 8 transmitted cleartext words were
(octal numbers expressed in channel order):

10 11 12 13 14 15 16 17

do you want to decode another 8 words?
(type y or n).

please enter, on one line and separated by blanks,
the field-base, modulus, number of channels to be sent
and number of channels to be received. The modulus
should be an octal number; all other numbers should
be decimal.

4 23 10 3

thank you...please wait


ENF MATRIX

01 17 14 07 15 05 02 11 06 13 17 16 17 03
01 02 10 14 07 01 14 15 14 01 07 14 10 02
01 06 15 10 02 12 16 16 12 02 10 15 06 01
01 16 14 06 14 07 06 07 14 06 14 16 01 00
01 15 04 03 02 15 15 02 03 04 15 01 00 00
01 13 11 17 04 03 04 17 11 13 01 00 00 00
01 07 15 03 11 11 03 15 07 01 00 00 00 00
01 14 04 13 14 13 04 14 01 00 00 00 00 00
01 11 01 12 12 01 11 01 00 00 00 00 00 00
01 03 10 03 10 03 01 00 00 00 00 00 00 00
01 04 05 05 04 01 00 00 00 00 00 00 00 00
01 12 11 12 01 00 00 00 00 00 00 00 00 00
01 05 05 01 00 00 00 00 00 00 00 00 00 00
01 10 01 00 00 00 00 00 00 00 00 00 00 00
01 01 00 00 00 00 00 00 00 00 00 00 00 00
01 00 00 00 00 00 00 00 00 00 00 00 00 00


please enter, on one line, in octal and separated
by blanks, the values to be transmitted over the
transmitters 3 channels
0 1 2

words transmitted are (in channel order):
00 01 02 04 10 03 06 14 13 05

do you want to send another 3 words?
(type y or n)

please enter, on one line, in octal and separated
by blanks, the values to be transmitted over the
transmitters 3 channels
3 4 5

words transmitted are (in channel order):
03 04 05 11 17 02 17 05 16 16

do you want to send another 3 words?
(type y or n)

please enter, on one line, in octal and separated
by blanks, the values to be transmitted over the
transmitters 3 channels
6 7 10

words transmitted are (in channel order):
06 07 10 14 06 11 02 14 11 15

do you want to send another 3 words?
(type y or n)

please enter, on one line, in octal and separated
by blanks, the values to be transmitted over the
transmitters 3 channels
11 12 13

words transmitted are (in channel order):
11 12 13 16 13 10 14 14 12 15

do you want to send another 3 words?
(type y or n)

please enter, on one line, in octal and separated
by blanks, the values to be transmitted over the
transmitters 3 channels
14 15 16

words transmitted are (in channel order):
14 15 16 10 04 17 12 00 07 11

do you want to send another 3 words?
(type y or n)

please enter, on one line, in octal and separated
by blanks, the values to be transmitted over the
transmitters 3 channels
17 10 4

words transmitted are (in channel order):
17 10 04 15 04 03 06 06 10 12

do you want to send another 3 words?
(type y or n)


AD-A142  831 


UNCLASSIFIED 


HIGH SPEED LOW-COST WAYS TO GET MESSAGES FROM A SENDER
TO A RECEIVER WHEN.. (U) YLYK LTD ANN ARBOR MI
B BLAKLEY 28 MAY 84 YLYK/AFOSR/SBIRI/83-84/001
AFOSR-TR-84-0528 F49620-83-C-0160 F/G 17/2.1




ENCODE  KEY 


03  06  03  17  10  00  00  00  00  01 
10  16  15  15  07  00  00  00  01  00 
05  16  06  16  02  00  00  01  00  00 
10  05  05  13  02  00  01  00  00  00 
17  07  10  14  15  01  00  00  00  00 


please enter, on one line, in octal and separated
by blanks, the values to be transmitted over the
transmitters 5 channels
0 1 2 3 4

words  transmitted  are  (in  channel  order): 

00  01  02  03  04  02  11  13  14  04 

do  you  want  to  send  another  5  words? 

(type  y  or  n) 

y 

please enter, on one line, in octal and separated
by blanks, the values to be transmitted over the
transmitters  5  channels 
5  6  7  10  11 

words  transmitted  are  (in  channel  order): 

05  06  07  10  11  17  15  11  01  04 

do  you  want  to  send  another  5  words? 

(type  y  or  n) 

y 

please enter, on one line, in octal and separated
by blanks, the values to be transmitted over the
transmitters  5  channels 
12  13  14  15  16 

words  transmitted  are  (in  channel  order): 

12  13  14  15  16  13  16  07  06  13 

do  you  want  to  send  another  5  words? 

(type  y  or  n) 

y

please enter, on one line, in octal and separated
by blanks, the values to be transmitted over the
transmitters 5 channels
17 10 4 14 0

words transmitted are (in channel order):

17  10  04  14  00  16  05  00  12  03 

do you want to send another 5 words?

(type  y  or  n) 


please enter, on one line and separated by blanks,
the field-base, modulus, number of channels to be sent
and number of channels to be received. The modulus
should be an octal number; all other numbers should
be decimal.

4 23 10 8

thank you...please wait


ENF MATRIX

01 17 14 07 15 05 02 11 06 13 17 16 17 03
01 02 10 14 07 01 14 15 14 01 07 14 10 02
01 06 15 10 02 12 16 16 12 02 10 15 06 01
01 16 14 06 14 07 06 07 14 06 14 16 01 00
01 15 04 03 02 15 15 02 03 04 15 01 00 00
01 13 11 17 04 03 04 17 11 13 01 00 00 00
01 07 15 03 11 11 03 15 07 01 00 00 00 00
01 14 04 15 14 15 04 14 01 00 00 00 00 00
01 11 01 12 12 01 11 01 00 00 00 00 00 00
01 03 10 03 10 03 01 00 00 00 00 00 00 00
01 04 05 05 04 01 00 00 00 00 00 00 00 00
01 12 11 12 01 00 00 00 00 00 00 00 00 00
01 05 05 01 00 00 00 00 00 00 00 00 00 00
01 10 01 00 00 00 00 00 00 00 00 00 00 00
01 01 00 00 00 00 00 00 00 00 00 00 00 00
01 00 00 00 00 00 00 00 00 00 00 00 00 00


ENCODE KEY

7 03 11 14 14 12 14 02 00 01
1 15 16 07 02 17 15 14 01 00


please  enter,  on  one  line,  in  octal  and  separated 
by  blanks,  the  values  to  be  transmitted  over  the 
transmitters  8  channels 
0  1  2  3  4  5  6  7 

words  transmitted  are  (in  channel  order): 

00  01  02  03  04  05  06  07  17  04 

do  you  want  to  send  another  8  words? 

(type y or n)

y

please  enter,  on  one  line,  in  octal  and  separated 
by  blanks,  the  values  to  be  transmitted  over  the 
transmitters 8 channels
10 11 12 13 14 15 16 17

words transmitted are (in channel order):

10  11  12  13  14  15  16  17  07  14 

do  you  want  to  send  another  8  words? 

(type  y  or  n) 



Please enter, on one line and separated by a blank,
the field-base and modulus to be used. The
field-base should be a decimal number and the
modulus should be an octal number.

4 23

Please enter the number of channels to be sent
by the transmitting node. This should be a
decimal number.

10

please enter the number of channels active at
the receivers node; this should be a decimal number.

DNF matrix for 3 out of 10
channels over GF 2**(4) mod 23 is:

01 00 00 00 00 00 00 14 05 10
00 01 00 00 00 00 00 04 12 17
00 00 01 00 00 00 00 01 01 01
00 00 00 01 00 00 00 10 17 06
00 00 00 00 01 00 00 05 12 16
00 00 00 00 00 01 00 11 16 06
00 00 00 00 00 00 01 05 13 17

please enter, on one line and separated by blanks,
the numbers of the 3 channels active
at the receiving node. These numbers should be decimal
1 5 8

Decoder matrix for the active channels listed above is:

01 00 00 00 00 00 00 00 00 00
10 01 00 00 05 00 00 14 00 00
16 00 01 00 13 00 00 04 00 00


please  enter,  on  one  line  and  separated  by  blanks, 
the  data  received  on  each  of  the  channels  active  at 
the  receivers  node.  The  data  should  be  in  the  form 
of  octal  numbers,  and  should  be  entered  in  order  of 
increasing  channel  number. 

6  6  14 

the 3 transmitted cleartext words were
(octal numbers expressed in channel order):

06  07  10 

do  you  want  to  decode  another  3  words? 

(type  y  or  n). 

y 

please enter, on one line and separated by blanks,
the  data  received  on  each  of  the  channels  active  at 
the  receivers  node.  The  data  should  be  in  the  form 
of  octal  numbers,  and  should  be  entered  in  order  of 
increasing  channel  number. 

3  17  5 

the  3  transmitted  cleartext  words  were 
(octal  numbers  expressed  in  channel  order): 

03  04  05 

do  you  want  to  decode  another  3  words? 


Please enter, on one line and separated by a blank,
the field-base and modulus to be used. The
field-base should be a decimal number and the
modulus should be an octal number.

4 23

Please enter the number of channels to be sent
by the transmitting node. This should be a
decimal number.

10

please enter the number of channels active at
the receivers node; this should be a decimal number.

DNF matrix for 5 out of 10
channels over GF 2**(4) mod 23 is:

01 00 00 00 00 15 14 12 02 10
00 01 00 00 00 14 14 13 03 11
00 00 01 00 00 12 02 16 02 05
00 00 00 01 00 10 14 05 13 13
00 00 00 00 01 04 13 06 16 06

please enter, on one line and separated by blanks,
the numbers of the 5 channels active
at the receiving node. These numbers should be decimal
6 7 8 9 10

Decoder matrix for the active channels listed above is:

01 00 00 00 00 15 14 12 02 10
00 01 00 00 00 14 14 13 03 11
00 00 01 00 00 12 02 16 02 05
00 00 00 01 00 10 14 05 13 13
00 00 00 00 01 04 13 06 16 06

please enter, on one line and separated by blanks,
the data received on each of the channels active at
the receivers node. The data should be in the form
of octal numbers, and should be entered in order of
increasing channel number.

13 16 07 06 13

the 5 transmitted cleartext words were
(octal numbers expressed in channel order):

12 13 14 15 16

do you want to decode another 5 words?
(type y or n).

Please enter, on one line and separated by a blank,
the field-base and modulus to be used. The
field-base should be a decimal number and the
modulus should be an octal number.

4 23

Please enter the number of channels to be sent
by the transmitting node. This should be a
decimal number.

10

please enter the number of channels active at
the receivers node; this should be a decimal number.

DNF matrix for 8 out of 10
channels over GF 2**(4) mod 23 is:

01 00 11 17 16 04 15 11 13 02
00 01 14 02 07 01 10 04 01 04

please enter, on one line and separated by blanks,
the numbers of the 8 channels active
at the receiving node. These numbers should be decimal
1 2 3 4 6 7 8 10

Decoder matrix for the active channels listed above is:

01 00 00 00 00 00 00 00 00 00
00 01 00 00 00 00 00 00 00 00
00 00 01 00 00 00 00 00 00 00
00 00 00 01 00 00 00 00 00 00
14 15 05 01 01 10 01 07 00 12
00 00 00 00 00 01 00 00 00 00
00 00 00 00 00 00 01 00 00 00
00 00 00 00 00 00 00 01 00 00

please enter, on one line and separated by blanks,
the data received on each of the channels active at
the receivers node. The data should be in the form
of octal numbers, and should be entered in order of
increasing channel number.

10 11 12 13 15 16 17 14

the 8 transmitted cleartext words were
(octal numbers expressed in channel order):

10 11 12 13 14 15 16 17

do you want to decode another 8 words?
(type y or n).
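
The encode and decode sessions above can be replayed with a short program. The following is an added example, not the report's own encode/decode programs: it reads each printed DNF matrix as a set of linear relations among the ten channel words (an assumption of this example, checked against the printed results) and fills in the missing channels by Gauss-Jordan elimination over GF(2^4). The function names are hypothetical.

```python
"""Erasure recovery over GF(2^4), modulus octal 23, driven by the DNF matrices
printed in the sessions. Assumption of this example: every DNF row r satisfies
r . word = 0 for each valid 10-channel word."""

MODULUS = 0o23   # the octal modulus typed into the sessions: x^4 + x + 1
BITS = 4         # the field-base: GF(2^4)


def gf_mul(a, b):
    """Multiply two field elements: shift-and-add, reducing by MODULUS."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        b >>= 1
        a <<= 1
        if a >> BITS:
            a ^= MODULUS
    return product


def gf_inv(a):
    """Inverse as a^(2^BITS - 2); zero has no inverse."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^4)")
    result = 1
    for _ in range((1 << BITS) - 2):
        result = gf_mul(result, a)
    return result


def octal_rows(text):
    return [[int(tok, 8) for tok in line.split()]
            for line in text.strip().splitlines()]


# DNF matrices as printed in the sessions, keyed by k (k out of 10).
DNF = {
    3: octal_rows("""
        01 00 00 00 00 00 00 14 05 10
        00 01 00 00 00 00 00 04 12 17
        00 00 01 00 00 00 00 01 01 01
        00 00 00 01 00 00 00 10 17 06
        00 00 00 00 01 00 00 05 12 16
        00 00 00 00 00 01 00 11 16 06
        00 00 00 00 00 00 01 05 13 17"""),
    5: octal_rows("""
        01 00 00 00 00 15 14 12 02 10
        00 01 00 00 00 14 14 13 03 11
        00 00 01 00 00 12 02 16 02 05
        00 00 00 01 00 10 14 05 13 13
        00 00 00 00 01 04 13 06 16 06"""),
    8: octal_rows("""
        01 00 11 17 16 04 15 11 13 02
        00 01 14 02 07 01 10 04 01 04"""),
}


def recover(H, known):
    """Return the full channel word given {channel (1-based): value}."""
    n = len(H[0])
    missing = [c for c in range(1, n + 1) if c not in known]
    if len(missing) > len(H):
        raise ValueError("too few active channels to recover the word")
    # One equation per DNF row: unknown terms on the left, known sum on the right.
    rows = []
    for h in H:
        rhs = 0
        for c, v in known.items():
            rhs ^= gf_mul(h[c - 1], v)
        rows.append([h[c - 1] for c in missing] + [rhs])
    for col in range(len(missing)):
        piv = next((r for r in range(col, len(rows)) if rows[r][col]), None)
        if piv is None:
            raise ValueError("active channels do not determine the word")
        rows[col], rows[piv] = rows[piv], rows[col]
        scale = gf_inv(rows[col][col])
        rows[col] = [gf_mul(scale, x) for x in rows[col]]
        for r in range(len(rows)):
            if r != col and rows[r][col]:
                f = rows[r][col]
                rows[r] = [x ^ gf_mul(f, y) for x, y in zip(rows[r], rows[col])]
    # Leftover equations exist when more than k channels are known; they must hold.
    if any(r[-1] for r in rows[len(missing):]):
        raise ValueError("received words are inconsistent with the code")
    word = [0] * n
    for c, v in known.items():
        word[c - 1] = v
    for i, c in enumerate(missing):
        word[c - 1] = rows[i][-1]
    return word


def encode(k, cleartext):
    """Cleartext rides on channels 1..k; the remaining channels are solved for."""
    return recover(DNF[k], dict(zip(range(1, k + 1), cleartext)))


def decode(k, active, data):
    """Recover the k cleartext words from the words seen on the active channels."""
    return recover(DNF[k], dict(zip(active, data)))[:k]


def octal(words):
    return " ".join(f"{w:02o}" for w in words)


if __name__ == "__main__":
    print(octal(encode(5, [0, 1, 2, 3, 4])))
    print(octal(decode(3, [1, 5, 8], [0o6, 0o6, 0o14])))
```

Supplying more than k channel words turns the leftover relations into a consistency check, so a corrupted word raises an error.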




Appendix  F 

Copy of Yeh/Reed/Truong paper
on  systolic  multipliers  for  finite  fields 

Abstract — Two systolic architectures are developed for performing
the product-sum computation AB + C in the finite field
GF(2^m) of 2^m elements, where A, B, and C are arbitrary elements
of GF(2^m). The first multiplier is a serial-in, serial-out one-
dimensional systolic array, while the second multiplier is a
parallel-in, parallel-out two-dimensional systolic array. The first
multiplier requires a smaller number of basic cells than the second
multiplier. The second multiplier needs less average time per
computation than the first multiplier if a number of computations are
performed consecutively. To perform single computations both
multipliers require the same computational time. In both cases the
architectures are simple and regular and possess the properties
of concurrency and modularity. As a consequence they are well
suited for use in VLSI systems.

Index Terms — Finite field, logic design, primitive element,
systolic array.

I.  Introdution 

Finite or Galois fields have many important and practical applications. Finite fields can be applied to error-correcting codes [1]-[3], switching theory [4], and digital signal processing [5]. For example, finite fields are used in the construction of many error-correcting codes. Reed-Solomon (RS) codes utilize the finite field $GF(2^m)$ of $2^m$ elements, where $m$ is a positive integer. The encoding and decoding algorithm of a binary RS code require algebraic computations in some field $GF(2^m)$, rather than the usual binary arithmetic operations.

The operations of addition and multiplication in a finite field are quite different from the usual binary arithmetic operations. Because of their simplicity and practical usefulness, only the finite fields $GF(2^m)$ are considered in this paper. Addition in $GF(2^m)$ is bit independent and straightforward. Thus, it is easier than the usual binary addition. On the contrary, multiplication in $GF(2^m)$ is more complex and difficult than binary integer multiplication.

Several circuits have been proposed [1]-[3], [6]-[8] to realize multiplication in $GF(2^m)$. Unfortunately, these circuits are not suited for use in VLSI systems, due to irregular routing and complicated control problems as well as a nonmodular structure or lack of concurrency [9].

In this paper two parallel architectures are designed to perform multiplication in $GF(2^m)$. In Section II an algorithm is derived for multiplication in $GF(2^m)$. This algorithm is mapped into the hardware design in Sections III and IV. In Section III a one-dimensional systolic multiplier for $GF(2^m)$ is designed. This multiplier is serial-in, serial-out. In Section IV, a parallel-in, parallel-out multiplier in $GF(2^m)$ is developed. The latter multiplier has a two-dimensional array structure.

icvuiNoi  January  Hi.  revised  April  25.  I^H3.  This  uork 
,  p*  rf .“!  m  Part  ihe  l  *  S  Air  I  urve  Oltiec  v'fSViernitie  Research  undei 
nsR-sd  'H5I  and  m  p.n?  In  NASA  umUr  ( \«ntravt  NAS7-UV) 
i  an J  l  S  Recti  are  Aiih  '.lie  Dcp.mrncni  »  t  l.lcctne.il  Kn^inceriit*:. 

,  u!  Si  titlu-in  (  a'l.vMina.  1  t»s  .-Xn^eK  s  l’.\  ‘HKhVi 
I rit.  ne  u  vk>th  ' *! . ■  (  'j:i»nunnatn>n  Reseaii.li  Seuu'ji  Jet 

v,  I  a,  :  brr.c .  iVm.  .1  . .  (  N^llOd 

II. Multiplication in $GF(2^m)$

It is assumed that the reader is familiar with the basic concepts of finite fields. The properties of finite fields are covered in detail in [1]-[3]. In the following the properties of finite fields are reviewed briefly as required.

A finite field must contain $p^m$ elements, where $p$ is a prime integer and $m$ is a positive integer. The finite field $GF(2^m)$ contains $2^m$ elements. $GF(2^m)$ is an extension field of the ground field $GF(2)$ of 2 elements, i.e., $GF(2) = \{0, 1\}$. All arithmetic operations in $GF(2^m)$ are performed by taking the results modulo 2.

The nonzero elements of $GF(2^m)$ are generated by a primitive element $\alpha$, where $\alpha$ is a root of a primitive irreducible polynomial $F(x) = x^m + f_{m-1}x^{m-1} + \cdots + f_1 x + f_0$ over $GF(2)$. For example $F(x) = x^4 + x + 1$ is one such primitive irreducible polynomial for $GF(2^4)$.

The nonzero elements of $GF(2^m)$ can be represented as the powers of $\alpha$, i.e., $GF(2^m) = \{0, \alpha^1, \ldots, \alpha^{2^m - 1}\}$. Since $F(\alpha) = 0$, $\alpha^m = f_{m-1}\alpha^{m-1} + \cdots + f_1\alpha + f_0$. Therefore, an element of $GF(2^m)$ can be also expressed as a polynomial of $\alpha$ with degree less than $m$. That is, $GF(2^m) = \{a_{m-1}\alpha^{m-1} + \cdots + a_1\alpha + a_0 \mid a_i \in GF(2) \text{ for } 0 \le i \le m-1\}$. In the following discussion, the polynomial representation is used to represent the finite field $GF(2^m)$.

Let $A = a_{m-1}\alpha^{m-1} + \cdots + a_1\alpha + a_0$ and $B = b_{m-1}\alpha^{m-1} + \cdots + b_1\alpha + b_0$ be two elements in $GF(2^m)$. Then $A + B = s_{m-1}\alpha^{m-1} + \cdots + s_1\alpha + s_0$, where $s_i = a_i + b_i \pmod 2$ for $0 \le i \le m-1$. Therefore, addition in $GF(2^m)$ is realized easily by $m$ independent EXCLUSIVE-OR gates.

Suppose $P = p_{m-1}\alpha^{m-1} + \cdots + p_1\alpha + p_0$ is the product of $A$ and $B$, i.e., $P = AB$. $P$ can be written as follows [1]-[2]:

$$P = \sum_{k=0}^{m-1} (A\alpha^k)\, b_k = \sum_{k=0}^{m-1} \Bigl( \sum_{n=0}^{m-1} a_n^{(k)} \alpha^n \Bigr) b_k \tag{1}$$

where $a_n^{(k)}$ is the coefficient of $\alpha^n$ in $A\alpha^k$, i.e., $A\alpha^k = a_{m-1}^{(k)}\alpha^{m-1} + \cdots + a_1^{(k)}\alpha + a_0^{(k)}$ for $0 \le k \le m-1$. From (1), one obtains $p_n = a_n^{(0)} b_0 + a_n^{(1)} b_1 + \cdots + a_n^{(m-2)} b_{m-2} + a_n^{(m-1)} b_{m-1}$.

The computation of $A\alpha^k$ can be performed recursively on $k$ for $0 \le k \le m-1$. Initially, for $k = 0$, $A\alpha^0 = A$, i.e., $a_n^{(0)} = a_n$ for $0 \le n \le m-1$. For $1 \le k \le m-1$,

$$A\alpha^k = (A\alpha^{k-1})\alpha = \sum_{n=0}^{m-1} a_n^{(k-1)} \alpha^{n+1} = a_{m-1}^{(k-1)} \alpha^m + \sum_{n=1}^{m-1} a_{n-1}^{(k-1)} \alpha^n. \tag{2}$$

Substituting $\alpha^m = f_{m-1}\alpha^{m-1} + \cdots + f_1\alpha + f_0$ into (2) yields

$$A\alpha^k = \sum_{n=1}^{m-1} \bigl( a_{n-1}^{(k-1)} + a_{m-1}^{(k-1)} f_n \bigr) \alpha^n + a_{m-1}^{(k-1)} f_0. \tag{3}$$

From (3), one obtains

$$a_n^{(k)} = a_{n-1}^{(k-1)} + a_{m-1}^{(k-1)} f_n \quad \text{for } 1 \le n \le m-1, \qquad a_0^{(k)} = a_{m-1}^{(k-1)} f_0. \tag{4}$$

Fig. 1 illustrates the step-by-step operations of a procedure for performing $P = AB + C$ in $GF(2^m)$. In Fig. 1 $a_n^{(k)}$, $b_n$, $c_n$, $f_n$, and $p_n$ are the $n$th bits of $A\alpha^k$, $B$, $C$, $F$, and $P$, respectively, where $F$ is the primitive irreducible polynomial. $p_n^{(k)}$ is the partial sum of $p_n$.

In the following sections this procedure is mapped into two systolic architectures. The above symbols (e.g., $F$, $P$, $a_n^{(k)}$) are still used in the following sections.
Fig. 1. A procedure for computing $P = AB + C$ in the finite field $GF(2^m)$, where $A$, $B$, $C$, and $P$ are elements of $GF(2^m)$.
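The recurrence (4) and the accumulation (1) can be checked in software. The following Python sketch is an added example, not part of the reproduced paper or of the Pascal listing in this report; the function names and the integer bit encoding (bit n holds the coefficient of alpha^n, with the x^m term of F implicit) are assumptions of the example. It also reuses the squaring loop of the report's INVERSE routine to confirm that every nonzero element has an inverse.

```python
# Added example: P = AB + C in GF(2^m) using the recurrence of Section II.
# Elements are m-bit integers; bit n is the coefficient of alpha^n.
# f holds f_{m-1}..f_0 of F(x) = x^m + f_{m-1}x^{m-1} + ... + f_0.

def mul_alpha(a, f, m):
    """One step of (4): turn A*alpha^(k-1) into A*alpha^k."""
    top = (a >> (m - 1)) & 1                 # a_{m-1}^{(k-1)}
    shifted = (a << 1) & ((1 << m) - 1)      # a_n <- a_{n-1}, bit 0 cleared
    return shifted ^ (f if top else 0)       # add a_{m-1} * f_n at every bit n

def product_sum(a, b, c, f, m):
    """P = AB + C: start the partial sum at C, add (A alpha^k) b_k as in (1)."""
    p = c
    for k in range(m):
        if (b >> k) & 1:
            p ^= a                           # addition in GF(2^m) is bitwise XOR
        a = mul_alpha(a, f, m)
    return p

def reference_product(a, b, f, m):
    """Independent check: carry-less schoolbook multiply, then reduce mod F(x)."""
    prod = 0
    for k in range(m):
        if (b >> k) & 1:
            prod ^= a << k
    full = (1 << m) | f                      # F(x) including the x^m term
    for deg in range(2 * m - 2, m - 1, -1):
        if (prod >> deg) & 1:
            prod ^= full << (deg - m)
    return prod

def inverse(a, f, m):
    """a^(2^m - 2) as the product a^2 * a^4 * ... * a^(2^(m-1))."""
    answer, squares = 1, a
    for _ in range(m - 1):
        squares = product_sum(squares, squares, 0, f, m)
        answer = product_sum(answer, squares, 0, f, m)
    return answer

def powers_of_alpha(f, m):
    """alpha^0 .. alpha^(2^m - 2); all distinct when F is primitive."""
    out, x = [], 1
    for _ in range(2 ** m - 1):
        out.append(x)
        x = mul_alpha(x, f, m)
    return out

F16, M = 0b0011, 4   # F(x) = x^4 + x + 1, the paper's example for GF(2^4)

if __name__ == "__main__":
    print(powers_of_alpha(F16, M))
    print(product_sum(2, 8, 5, F16, M))      # alpha * alpha^3 + (alpha^2 + 1)
```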


III. A Serial-In, Serial-Out Systolic Multiplier for $GF(2^m)$

In this section a one-dimensional systolic array is developed to compute $P = AB + C$ in $GF(2^m)$. A similar structure was proposed to multiply the usual two's complement binary numbers [10]. For simplicity in description the ensuing discussion is limited to the particular finite field $GF(2^4)$. In Fig. 2 this architecture is shown for $GF(2^4)$. The primitive irreducible polynomial is $F = f_3\alpha^3 + f_2\alpha^2 + f_1\alpha + f_0$. Input receives the $b_n$ of $B$. The $n$th bits $c_n$, $a_n$, and $f_n$ of $C$, $A$, and $F$ are received serially at inputs $e_0$, $g_0$, and $h_0$, respectively. Two control signals, start and end, are used in the design. Inputs $r_0$ and $t_0$ receive start and end control signals, respectively.

Output $e_4$ serially transmits the $n$th bit $p_n$ of the result $P$ out of the system. The order of the inputs and outputs are also shown in Fig. 2. The flip-flops associated with inputs $r_0$ and $h_0$ are used for the purpose of synchronization.

The circuit of cell $L_k$ is shown in Fig. 3. The operation of flip-flops in this system is synchronized implicitly by a clock signal. In Fig. 3, when $r_k = 1$, $u_k = g_k$ at the next time unit (through switch SW). When $r_k = 0$, $u_k$ sustains its value. Two principal operations of the system are the following:

e, .  i  «—  (?,*./ 1  0  <7 
V*  |  «-  ut.ii'  i  1 1;  *  t*  1 


FF: Flip-Flop

Fig. 2. A serial-in, serial-out systolic multiplier for the finite field $GF(2^4)$.

FF: Flip-Flop, SW: Switch, XOR: Exclusive-OR

Fig. 3. The circuit of the cell $L_k$ used in the multiplier shown in Fig. 2.

(5) 


YEH et al.: SYSTOLIC MULTIPLIERS FOR FINITE FIELDS


TABLE I

SOME PROPERTIES OF TWO SYSTOLIC MULTIPLIERS FOR $GF(2^m)$


"■jltli'lti-r  |  The  irultiplierj  The  oultlplter  , 


.  - - =T- 

cber  >1  'easlc  ulls 

n 

1 

- j 

2 

m 

1 

t 

serial 

parallel 

1 

1  j 

ir.ir.uti  .i.TrT'e  t  lint*  "c-r  i 

i't  put  at  »«nt  l  C  im*.  unit.;)  ! 

"t  | 

eiav  h  tween  t  irst  input 
•u*  firs’,  output  x<f  a  : 

.  ..nutation  (tine  unit*)  j 

j 

Jn 

i 

2n  | 

(3b  If  input/  i 
output  delay  U 
al»o  counted)  | 

T 

j'l-er  :  control  ?: i »•  I s  ! 

1 

2  1 

o  i 

where $0 \le k \le 3$, $\oplus$ denotes EXCLUSIVE-OR operation, and the backwards arrow denotes the substitution operation.

A comparison of the procedure in Fig. 1 and the structure in Figs. 2 and 3 yields the following facts. The signal $u_k$ in $L_k$ is equal to $a_3^{(k)}$ in $A\alpha^k$. The signal $g_k$ is equal to $a_n^{(k)}$ in $A\alpha^k$ for some $n$. The signal $e_k$ is equal to the partial sum of $AB + C$.

The multiplier in Fig. 2 can be generalized to the finite field $GF(2^m)$ by simply concatenating $m$ identical cells. Extra registers and control signals are required if the $b_i$'s are inputted serially into the system in the same order as the $a_i$'s. Some properties of this multiplier are listed in Table I.

IV. A Parallel-In, Parallel-Out Multiplier for $GF(2^m)$

In this section a parallel-in, parallel-out, two-dimensional systolic array is designed for performing $P = AB + C$ in $GF(2^m)$. A similar structure was designed [11] to perform multiplications in standard binary arithmetic. The discussion in this section is again limited to the finite field $GF(2^4)$. An analogous development can be constructed for any other finite field $GF(2^m)$. Fig. 4 shows this multiplier for $GF(2^4)$. In Fig. 4 $D^n$ denotes an $n$-bit shift register or delay device. Inputs $d_i$'s, $e_{n,0}$'s, $g_{n,0}$'s, and $h_{n,0}$'s receive in parallel the $b_n$'s of $B$, $c_n$'s of $C$, $a_n$'s of $A$, and $f_n$'s of $F$, respectively, for $0 \le n \le 3$. The $p_n$'s of the result $P$ are transmitted out the system in parallel from outputs $e_{n,4}$'s for $0 \le n \le 3$.

The circuit of a basic cell $L_{n,k}$ is shown in Fig. 5. This circuit is similar to the circuit shown in Fig. 3. Two of the primary operations of a basic cell are the same as the operations given in (5). One may use degenerative versions of the circuit in Fig. 5 for the cells in the bottom row and the rightmost column of the array structure in Fig. 4 since some inputs and outputs of these cells are not used. Note that the signal $g_{n,k}$ is equal to the $a_n^{(k)}$ of $A\alpha^k$. The signal $u_{n,k}$ is equal to $a_3^{(k)}$ of $A\alpha^k$ for $0 \le n \le 3$.

Some properties of the multiplier in Fig. 4 are also listed in Table I. The multiplier in Fig. 4 is "programmable" since $F$ is changeable. If $F$ is fixed or seldom changed then the design can be simplified by eliminating all flip-flops associated with $h$. For such a case buffers and long wires may be required.

$D^n$: $n$-bit shift register

Fig. 4. A two-dimensional parallel-in, parallel-out systolic multiplier for the finite field $GF(2^4)$.

Fig. 5. The circuit of basic cell $L_{n,k}$ used in the multiplier shown in Fig. 4.


V.  Conclusion 

Two parallel architectures are designed for performing multiplication in the finite field $GF(2^m)$ of $2^m$ elements. A comparison between these two multipliers is listed in Table I. The multiplier in Fig. 4 can be viewed as a "time expansion" of the multiplier in Fig. 2. Both multipliers are suited well for VLSI systems because of the simple control, the regular interconnection pattern, the modular structure, and finally the complete concurrency of their operations.
A Note on Superfast Threshold Schemes


John R. Bloom

Abstract: Threshold schemes, or key safeguarding schemes, are innovative new approaches to cryptokey transfer or secure data storage problems. This note outlines a class of schemes which approach optimality of speed and simplicity. The schemes are based on linear maps over finite fields. These schemes are the proper generalization of Vernam pads.

Key words and phrases: privacy, security, cryptography, message
CR Categories: 3.81, 3.6, 5.23
A threshold scheme is a method for producing, from a message $x$, $n$ "shadows" $y_1, \ldots, y_n$, with the properties that:

1. Any $r$ shadows suffice to determine $x$.

2. No $r-1$ shadows give any information about $x$.

Threshold schemes have been discussed in papers by Blakley [2], Shamir [4], where many applications are discussed, and Asmuth and Bloom [1], where a class of schemes including Shamir's is discussed, and further cross checking capabilities are also introduced. This paper introduces a class of schemes of optimum speed and simplicity when the message length is large compared to $r$. These schemes are the generalization of Vernam pads.

To generate such a threshold scheme, pick $v_0, v_1, \ldots, v_n$ vectors in $\mathbb{F}_q^r$ so that no $r$ are linearly dependent. This can be done if $q \ge n$, and conjecturally for no smaller $q$. (See [3] pp. 323-328).

Considering the message $x$ and the shadows $y_i$ to be elements of $\mathbb{F}_q$, construct a linear map $L$ from $\mathbb{F}_q^r$ to $\mathbb{F}_q$ with $Lv_0 = x$ and $Lv_1, \ldots, Lv_{r-1}$ random. Letting $y_i = Lv_i$, $i = 1, \ldots, n$ one has produced a threshold scheme. Property 1 is satisfied since any $r$ $v_i$'s span $\mathbb{F}_q^r$, and property 2 is satisfied since $v_0$ is not dependent on any $r-1$ $v_i$'s.

In practice one picks $q$ as small as possible and reduces $x$ to a sequence of $m$ messages of size $q$.


Proposition: To produce a sequence of $m$ shadows for fixed $i$ requires at most $mr$ additions and $mr$ multiplications. To reconstitute the sequence of $m$ $x$'s requires at most $\frac{r^3}{3} + (m+1)r$ additions and $\frac{r^3}{3} + (m+1)r$ multiplications. The algorithm meeting these requirements is described below.

For fixed $i$, there is a vector $w \in \mathbb{F}_q^r$ with $v_i = \sum_{j=0}^{r-1} w_j v_j$. One can construct $y_i = Lv_i$ from the relation $Lv_i = \sum_{j=0}^{r-1} w_j Lv_j$. To reconstitute $x$ from $y_{i_1}, \ldots, y_{i_r}$, one solves $\sum_{j=1}^{r} u_j v_{i_j} = v_0$ for the vector $u$ by Gaussian elimination and forms $x = Lv_0$ from the relation $Lv_0 = \sum_{j=1}^{r} u_j y_{i_j}$. This algorithm clearly satisfies the op counts given above.

Since $q$ can be chosen extremely small in many applications, two savings are possible. If the $u$'s are stored, no Gaussian elimination is necessary. If a table of Zech's logarithms is stored ([3], p. 91) the encoding and decoding algorithms reduce to $r$ additions and $r$ table look-ups.

For large $m$, these threshold schemes take $(2+\epsilon)r$ operations. Conjecturally, one cannot have threshold schemes requiring $(2-\epsilon)r$ operations for large $r$, $n$. An elementary result is the following.

Proposition: A threshold scheme cannot be decoded in fewer than $r$ operations.

Proof. Since a threshold scheme requires that no $r-1$ $y_i$'s determine $x$, all $r$ shadows must be used.

The definition of a threshold scheme requires that each shadow carry as much information as the message $x$. This message expansion can be overcome by using a pseudo-threshold scheme. All existing schemes have such variants, only the variant of this paper's superfast scheme is outlined.

Pick $v_{-k}, \ldots, v_0, \ldots, v_n$ in $\mathbb{F}_q^r$ so that no $r$ are linearly dependent. Form a linear map $L$ with $Lv_{-j} = x_j$ for $j = 0, \ldots, k$ where $k < r$ and $x_0, \ldots, x_k$ are messages or parts of a message. Let $y_i = Lv_i$, $i = 1, \ldots, n$. All other details are as before.

For these schemes one has, for each $j$ that no $r-1$ $y_i$'s give any information about $x_j$, and this may suffice for many applications, but $r-1$ $y_i$'s do give information about the tuple $(x_0, \ldots, x_k)$. In a sense, given $r-s$ $y_i$'s, if one correctly guesses $s$ of the $x_j$'s the rest follow.
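The construction and the reconstitution step of the note can be exercised end to end. The following Python sketch is an added example, not code from Bloom's note or from this report; it assumes a prime field GF(q) (so arithmetic is ordinary modular arithmetic), picks the vectors as Vandermonde rows (1, t, t^2, ..., t^(r-1)) for t = 0..n, which needs n < q, and all function names are the example's own.

```python
import secrets

def solve(columns, target, q):
    """Solve sum_j u[j] * columns[j] = target over GF(q), q prime, by Gaussian elimination."""
    r = len(target)
    # Row k of the augmented matrix holds coordinate k of every column vector, then target[k].
    M = [[columns[j][k] % q for j in range(r)] + [target[k] % q] for k in range(r)]
    for c in range(r):
        pivot = next((i for i in range(c, r) if M[i][c]), None)
        if pivot is None:
            raise ValueError("vectors are linearly dependent")
        M[c], M[pivot] = M[pivot], M[c]
        inv = pow(M[c][c], -1, q)
        M[c] = [a * inv % q for a in M[c]]
        for i in range(r):
            if i != c and M[i][c]:
                factor = M[i][c]
                M[i] = [(a - factor * b) % q for a, b in zip(M[i], M[c])]
    return [M[k][r] for k in range(r)]

def vandermonde_vectors(n, r, q):
    """v_0..v_n with v_t = (1, t, ..., t^(r-1)); any r of them are independent when n < q."""
    if n >= q:
        raise ValueError("need n < q for distinct nodes")
    return [[pow(t, k, q) for k in range(r)] for t in range(n + 1)]

def make_shadows(messages, vectors, r, q, rand=None):
    """Return n lists; list i-1 holds shadow y_i for each symbol of the message sequence."""
    rand = rand or (lambda: secrets.randbelow(q))
    n = len(vectors) - 1
    basis = vectors[:r]                                   # v_0 .. v_{r-1}
    # w[i-1]: coordinates of v_i in the basis, computed once and reused for all m symbols.
    w = [solve(basis, vectors[i], q) for i in range(1, n + 1)]
    shadows = [[] for _ in range(n)]
    for x in messages:
        # L is fixed by its values on the basis: L v_0 = x, L v_1..L v_{r-1} random.
        l_basis = [x % q] + [rand() for _ in range(r - 1)]
        for i in range(n):
            shadows[i].append(sum(wj * lj for wj, lj in zip(w[i], l_basis)) % q)
    return shadows

def reconstruct(held, vectors, r, q):
    """held maps shadow index i to its list of y_i values; exactly r entries are required."""
    if len(held) != r:
        raise ValueError("exactly r shadows are required")
    idx = sorted(held)
    u = solve([vectors[i] for i in idx], vectors[0], q)   # stored once, reused per symbol
    m = len(held[idx[0]])
    return [sum(uj * held[i][s] for uj, i in zip(u, idx)) % q for s in range(m)]

def hides_message(indices, vectors, r, q):
    """True when v_0 is independent of the r-1 held vectors, so every x stays possible."""
    if len(indices) != r - 1:
        raise ValueError("pass exactly r-1 indices")
    try:
        solve([vectors[0]] + [vectors[i] for i in indices], vectors[0], q)
    except ValueError:
        return False
    return True

if __name__ == "__main__":
    q, r, n = 257, 3, 5                                   # constructed sample parameters
    vecs = vandermonde_vectors(n, r, q)
    shadows = make_shadows([75, 69, 89], vecs, r, q)
    print(reconstruct({1: shadows[0], 3: shadows[2], 5: shadows[4]}, vecs, r, q))
```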
IBM Personal Computer Pascal Compiler V1.00

program enf (input, output);

const WORDLENGTH = 16;
      MAX_INDEX  = 32;

type mat_row       = array [1..MAX_INDEX] of integer;
     matrix        = array [1..MAX_INDEX] of mat_row;
     channel_array = array [1..MAX_INDEX] of integer;


{ the TWO_TO_THE function makes up for the lack of a generalized
  exponentiation operator in standard Pascal. It returns two
  raised to the power of its caller-supplied argument. }

function TWO_TO_THE (argument : integer): integer;

var accumulator : integer;
    index       : integer;

begin
  accumulator := 1;
  for index := 1 to argument do
    accumulator := accumulator * 2;
  TWO_TO_THE := accumulator;
end;

{ the READ_OCTAL routine; this routine allows the user of
  the program to input his values in octal rather than in
  decimal; it replaces the Pascal standard "read" routine. }

procedure READ_OCTAL (var total : integer);

const BLANK = ' ';

var inchar : char;

begin
  read (inchar);
  total := 0;

  { skip leading blanks }
  while (inchar = BLANK) do
    read (inchar);

  { accumulate octal digits until the next blank }
  while not (inchar = BLANK) do begin
    total := total * 8 + (ord (inchar) - ord ('0'));
    read (inchar)
  end
end;

{ the WRITE_OCTAL routine; it replaces the Pascal standard
  "write" routine and allows the program to report its
  output values in octal rather than in decimal. }

procedure WRITE_OCTAL (number     : integer;
                       field_base : integer );

var outbuf : array [1..WORDLENGTH] of char;
    temp   : integer;
    index  : integer;

begin
  for index := 1 to WORDLENGTH do outbuf [index] := '0';
  index := 1;

  { fill outbuf with octal digits, least significant digit first }
  while (number > 0) do begin
    temp := number mod 8;
    outbuf [index] := chr (ord ('0') + temp);
    index := index + 1;
    number := number div 8
  end;
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temp  :  = 

field_base  +  ; 

V  o  « 

V 

78 

if  itemp  . 

1 )  then  temp 

V.  2 1 

79 

if  (temp 

( i ndex  -  1 ) > 

2 1 

30 

for  inde:. 

: =  temp  downt 

2 1 

81 

write!'  ' > 

I 

32 

{ The ADD function returns the logical xor of its two caller-
  supplied arguments. This is addition over GF(n) for any n. }

function ADD (term1 : integer;
              term2 : integer ): integer;

begin
  ADD := ( (term1 or term2) and (not (term1 and term2)) )
end;

{ The MULTIPLY function performs multiplication over GF(n)
  with the caller-supplied modulus and returns the result
  of the multiplication. }

function MULTIPLY (factor1    : integer;
                   factor2    : integer;
                   modulus    : integer;
                   field_base : integer ): integer;

var index  : integer;
    answer : integer;

begin
  answer := 0;
  for index := 0 to (field_base - 1) do
  begin
    { shift the running product one bit to the left }
    answer := answer * 2;

    { add factor2 when the current bit of factor1, taken from
      the most significant bit downward, is set }
    if ( ( (factor1 mod TWO_TO_THE (field_base - index))
           div TWO_TO_THE (field_base - (index+1)) ) > 0)
      then answer := ADD (answer, factor2);

    { reduce when the product has overflowed field_base bits }
    if ( (answer div TWO_TO_THE (field_base)) > 0)
      then answer := ADD (answer,
                          TWO_TO_THE (field_base) + modulus)
  end;
  MULTIPLY := answer
end;
{ The INVERSE function. It accepts a field element and
  returns the element's multiplicative inverse. This
  implementation is very slow & primitive; it should be
  replaced by Davida's inverse routine or some other fast
  implementation at the first opportunity. }

function INVERSE ( element    : integer;
                   field_base : integer;
                   modulus    : integer ): integer;

var index   : integer;
    answer  : integer;
    squares : integer;

begin
  answer := 1;
  squares := element;

  { multiply together element^2, element^4, ..., which gives
    element raised to the power (2^field_base - 2) }
  for index := 1 to (field_base - 1) do
  begin
    squares := MULTIPLY (squares, squares, modulus, field_base);
    answer := MULTIPLY (answer, squares, modulus, field_base)
  end;

  INVERSE := answer
end;
{ The DIVIDE function performs Galois-field division.
  It accepts dividend, divisor, modulus, and field-base
  (in that order), takes the inverse of the divisor, and
  multiplies the result by the dividend. }

function DIVIDE ( dividend   : integer;
                  divisor    : integer;
                  modulus    : integer;
                  field_base : integer ): integer;

var divisor_inverse : integer;

begin
  divisor_inverse := INVERSE (divisor, field_base, modulus);
  DIVIDE := MULTIPLY (dividend, divisor_inverse,
                      modulus, field_base)
end;

{ The CONSTRUCT_VAN routine. This procedure constructs a
  square vandermonde matrix with the dimension supplied by the
  calling routine. }

procedure CONSTRUCT_VAN (var van    : matrix;
                         n          : integer;
                         field_base : integer;
                         modulus    : integer );

var row      : integer;
    column   : integer;
    exponent : integer;
    index    : integer;
    temp     : integer;

begin
  if (n < 3) then writeln ('van dimension < 3: error')
  else
  begin
    { build first row of van. }
    van [1][1] := 1;
    for column := 2 to n do
      van [1][column] := 0;

    { build second row of van. }
    for column := 1 to n do
      van [2][column] := 1;

    { build third row of van. }
    van [3][1] := 1;
    van [3][2] := 2;
    for column := 3 to n do
      van [3][column] :=
        MULTIPLY (van [3][column - 1], 2,
                  modulus, field_base);

    { build remaining rows of van. }
    if (n > 3) then
      for row := 4 to n do begin
        van [row][1] := 1;
        for column := 2 to n do
          van [row][column] :=
            MULTIPLY (van [row - 1][column], van [3][column],
                      modulus, field_base)
      end
  end
end;

{ the BUILD_ENF routine. It accepts the modulus and field-base
  desired by the user and the number of channels to be
  transmitted and produces a CODING-NORMAL-FORM matrix (enf).
  This matrix is (transmitted) X (transmitted - 2), and is
  gotten by column-reducing the first (transmitted - 2) columns
  of a (transmitted) X (transmitted) Vandermonde matrix so
  that the resulting matrix is upper-right triangular. }

procedure BUILD_ENF (var enf     : matrix;
                     transmitted : integer;
                     modulus     : integer;
                     field_base  : integer );

var columns      : integer;
    rows         : integer;
    reducing_col : integer;
    reduced_elt  : integer;
    row          : integer;
    column       : integer;
    dimension    : integer;

begin
  dimension := TWO_TO_THE (field_base);

  CONSTRUCT_VAN (enf, dimension, field_base, modulus);

  rows := dimension;
  columns := dimension - 2;

  for reducing_col := 1 to columns do begin

    { divide reducing-col through by its lead element (we want
      ones along the diagonal.) }
    for row := 1 to (rows - reducing_col) do
      enf [row][reducing_col] :=
        DIVIDE (enf [row][reducing_col],
                enf [(rows-reducing_col)+1][reducing_col],
                modulus, field_base);
    enf [(rows-reducing_col)+1][reducing_col] := 1;

    { column-reduce to clear the row containing the lead element
      of reducing-col (that lead element is now a 1). }
    if (reducing_col < columns) then
      for column := (reducing_col + 1) to columns do begin
        reduced_elt := enf [(rows-reducing_col)+1][column];
        for row := 1 to (rows - reducing_col) do
          enf [row][column] :=
            ADD (enf [row][column],
                 MULTIPLY (reduced_elt, enf [row][reducing_col],
                           modulus, field_base));
        enf [(rows-reducing_col)+1][column] := 0
      end
  end
end;

{ the TRANSPOSE routine accepts a matrix and its dimensions
  and produces the transpose of the matrix. }

procedure TRANSPOSE ( m           : matrix;
                      var m_prime : matrix;
                      m_rows      : integer;
                      m_cols      : integer );

var row : integer;
    col : integer;

begin
  for row := 1 to m_rows do
    for col := 1 to m_cols do
      m_prime [col][row] := m [row][col];
end;

{ the EXTRACT_SUBMATRIX routine accepts the enf matrix, the
  number of channels to be transmitted, and the number of
  channels to be received. It produces a smaller matrix
  which will be used to construct the encode and decode keys
  for this particular configuration of transmitted and
  received channels. }

procedure EXTRACT_SUBMATRIX (var submatrix : matrix;
                             enf           : matrix;
                             transmitted   : integer;
                             received      : integer;
                             field_base    : integer );

var enf_prime : matrix;
    row       : integer;
    column    : integer;
    dimension : integer;
    index     : integer;

begin
  dimension := TWO_TO_THE (field_base);

  TRANSPOSE (enf, enf_prime, dimension, dimension-2);

  { copy the selected rows of the transposed enf into
    consecutive rows of submatrix }
  index := 0;
  for row := (dimension - (transmitted - 1)) to
             (dimension - received) do begin
    index := index + 1;
    for column := 1 to transmitted do
      submatrix [index][column] := enf_prime [row][column]
  end
end;
3b  1 

{ the BUILD_ENCODE_KEY builds the matrix which will be used
  to produce the (transmitted - received) coded channels for
  transmission.  The first (received) channels are sent in
  the clear. }

procedure BUILD_ENCODE_KEY (var encode_key  : matrix;
                                submatrix   : matrix;
                                transmitted : integer;
                                received    : integer;
                                modulus     : integer;
                                field_base  : integer );

var  columns      : integer;
     rows         : integer;
     col          : integer;
     row          : integer;
     reducing_row : integer;
     reduced_elt  : integer;

begin
  rows := transmitted - received;
  columns := transmitted;

  for reducing_row := rows downto 2 do
    for row := (reducing_row - 1) downto 1 do begin
      reduced_elt := submatrix[row]
                              [received+(rows-reducing_row)+1];
      for col := 1 to (received+(rows-reducing_row)) do
        submatrix[row][col] :=
          ADD (submatrix[row][col],

      submatrix[row][received+(rows-reducing_row)+1] := 0
    end;

  for row := 1 to rows do
    for col := 1 to columns do
      encode_key[row][col] := submatrix[row][col]
end;



{ the ENCODE procedure.  It accepts the number of channels
  transmitted, the number of channels to be received, the
  modulus, and the field-base.  It builds an encoding
  key and begins reading plaintext words.  It encodes the
  plaintext words and prints them out (i.e. transmits them)
  until it encounters an end-of-file flag. }

procedure ENCODE ( transmitted    : integer;
                   received       : integer;
                   modulus        : integer;
                   field_base     : integer;
                   output_channel : channel_array );

var  enf          : matrix;
     enf_prime    : matrix;
     submatrix    : matrix;
     encode_key   : matrix;
     decode_key   : matrix;
     cool_decoder : matrix;
     index        : integer;
     key_column   : integer;
     row          : integer;
     column       : integer;
     dimension    : integer;
     EOT          : boolean;
     response     : char;

begin
  dimension := TWO_TO_THE (field_base);

  BUILD_ENF (enf, transmitted, modulus, field_base);
  TRANSPOSE (enf, enf_prime, dimension, (dimension - 2));

  for row := 1 to (dimension - 2) do begin
    writeln;
    for column := 1 to dimension do
      WRITE_OCTAL (enf_prime[row][column], field_base)
  end;


  page;

  EXTRACT_SUBMATRIX (submatrix, enf, transmitted, received, field_base);

  writeln; writeln ('SUBMATRIX -> ');
  for row := 1 to (transmitted - received) do begin
    writeln;
    for column := 1 to transmitted do
      WRITE_OCTAL (submatrix[row][column], field_base)
  end;
  page;

  BUILD_ENCODE_KEY (encode_key, submatrix, transmitted, received,
                    modulus, field_base);

  writeln; writeln ('ENCODE KEY - ');
  for row := 1 to (transmitted - received) do begin
    writeln;
    for column := 1 to transmitted do
      WRITE_OCTAL (encode_key[row][column], field_base)
  end;



  page;

  { the encode routine now reads in "received" cleartext words,
    generates "transmitted" - "received" coded words, and sends
    all "transmitted" words out. }

  EOT := FALSE;
  repeat
    begin
      writeln('please enter, on one line, in octal and separated ');
      writeln('by blanks, the values to be transmitted over the ');
      writeln('transmitters ', received:2, ' channels');
      for index := 1 to received do begin
        READ_OCTAL (output_channel[index]);
      end;

      writeln('words transmitted are (in channel order):');

      for index := (received+1) to transmitted do begin
        output_channel[index] := 0;
        for key_column := 1 to received do
          output_channel[index] :=
            ADD ( output_channel[index],
                  MULTIPLY (output_channel[key_column],
                            encode_key[(transmitted-index)+1]
                                      [key_column],
                            modulus, field_base)
                )
      end;

      for index := 1 to transmitted do
        WRITE_OCTAL (output_channel[index], field_base);
      writeln; writeln;

      writeln('do you want to send another ', received:2, ' words');
      writeln('(type y or n)');
      readln (response);

      if (response = 'n') then EOT := TRUE;
    end
  until (EOT);
  page

end;


{ THE MAIN ROUTINE.  THIS CODE READS IN THE NUMBER OF
  CHANNELS SENT AND THE NUMBER OF CHANNELS WHICH NEED
  TO BE RECEIVED, AND GENERATES AN ENCODE-NORMAL FORM
  MATRIX FOR THAT CHOICE OF 'TRANSMITTED' AND 'RECEIVED'. }

var  field_base  : integer;
     modulus     : integer;
     transmitted : integer;
     received    : integer;
     channels    : channel_array;
     index       : integer;

begin

  writeln(chr(27), 'M');           {enable elite type on printer}

  writeln('please enter, on one line and separated by blanks,');

Page 16   05-24-84   00:13:17

Source Line  IBM Personal Computer Pascal Compiler V1.00

  writeln('the field-base, modulus, number of channels to be sent,');
  writeln('and number of channels to be received.  The modulus');
  writeln('should be an octal number; all other numbers should');
  writeln('be decimal.');
  writeln;
  read (field_base);
  READ_OCTAL (modulus);
  modulus := modulus - TWO_TO_THE(field_base);
  read (transmitted);
  readln (received);
  writeln;
  writeln('thank you...please wait'); writeln;

  ENCODE (transmitted, received, modulus, field_base, channels);

  writeln(chr(27), chr(64));       {disable special print mode}

end.
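The scheme these listings implement, run end to end as an added Python example (not code from the report): it uses the column-reduced Vandermonde matrix that the decode listing's CONSTRUCT_VAN and HERMITE_NORMALIZE produce as the generator, and recovers the clear words by solving the surviving rows directly instead of going through the DNF and decoder matrices. All function names, the full-polynomial `poly` argument and the sample words are assumptions of this example.

```python
import itertools

def gf_mul(a, b, m, poly):
    """Product in GF(2^m); poly is the full modulus, e.g. 0o13 for x^3+x+1.
    (The listing keeps only the low bits, after subtracting 2^field_base.)"""
    r = 0
    for i in range(m - 1, -1, -1):          # scan a from its top bit down
        r <<= 1
        if (a >> i) & 1:
            r ^= b                          # field addition is XOR
        if r >> m:
            r ^= poly                       # reduce once bit m is set
    return r

def gf_inv(a, m, poly):
    """a^(2^m - 2) by repeated squaring (m >= 2); yields 0 for a == 0."""
    sq, ans = a, 1
    for _ in range(m - 1):
        sq = gf_mul(sq, sq, m, poly)
        ans = gf_mul(ans, sq, m, poly)
    return ans

def solve(A, b, m, poly):
    """Gauss-Jordan solution of A x = b over GF(2^m), with a pivot search."""
    n = len(A)
    M = [row[:] + [rhs] for row, rhs in zip(A, b)]
    for c in range(n):
        p = next((r for r in range(c, n) if M[r][c]), None)
        if p is None:
            raise ValueError("matrix is singular over this field")
        M[c], M[p] = M[p], M[c]
        inv = gf_inv(M[c][c], m, poly)
        M[c] = [gf_mul(v, inv, m, poly) for v in M[c]]
        for r in range(n):
            if r != c and M[r][c]:
                f = M[r][c]
                M[r] = [v ^ gf_mul(f, w, m, poly) for v, w in zip(M[r], M[c])]
    return [M[r][n] for r in range(n)]

def vandermonde(t, k, m, poly):
    """Topmost t rows, leftmost k columns: row i holds the powers of point x_i,
    with points 0, 1, 2, 2^2, ... (2 must be primitive for poly)."""
    if t > (1 << m):
        raise ValueError("more channels than field elements: points repeat")
    points, x = [0], 1
    for _ in range(t - 1):
        points.append(x)
        x = gf_mul(x, 2, m, poly)
    rows = []
    for p in points:
        row, v = [], 1
        for _ in range(k):
            row.append(v)
            v = gf_mul(v, p, m, poly)
        rows.append(row)
    return rows

def systematic_generator(t, k, m, poly):
    """Column-reduce the Vandermonde matrix so its top k rows are the identity."""
    V = vandermonde(t, k, m, poly)
    top_t = [[V[i][j] for i in range(k)] for j in range(k)]   # transpose of top block
    return [solve(top_t, row, m, poly) for row in V]          # g * top = v

def encode(msg, G, m, poly):
    """One word per channel; the first len(msg) channels carry msg in the clear."""
    out = []
    for row in G:
        acc = 0
        for g, w in zip(row, msg):
            acc ^= gf_mul(g, w, m, poly)
        out.append(acc)
    return out

def decode(survivors, G, m, poly):
    """survivors maps channel index -> received word; any k channels suffice."""
    k = len(G[0])
    idx = sorted(survivors)[:k]
    if len(idx) < k:
        raise ValueError("too few channels survived")
    return solve([G[i] for i in idx], [survivors[i] for i in idx], m, poly)

def all_erasures_recoverable(msg, t, m, poly):
    """Encode msg on t channels, then decode from every len(msg)-subset."""
    k = len(msg)
    G = systematic_generator(t, k, m, poly)
    sent = encode(msg, G, m, poly)
    return all(decode({i: sent[i] for i in keep}, G, m, poly) == msg
               for keep in itertools.combinations(range(t), k))

if __name__ == "__main__":
    # Constructed sample: GF(2^3) mod octal 13, 3 clear words on 6 channels.
    G = systematic_generator(6, 3, 3, 0o13)
    sent = encode([5, 0, 7], G, 3, 0o13)
    print("sent:", sent)
    print("from channels 3-5 only:",
          decode({i: sent[i] for i in (3, 4, 5)}, G, 3, 0o13))
```
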


program dnf (input, output);

const  zero
       one
       maxindex
       WORDLENGTH

type   mat_row = array [1..maxindex] of integer;
       matrix  = array [1..maxindex] of mat_row;

var    index            : integer;
       van              : matrix;
       dnf              : matrix;
       dnf_prime        : matrix;
       received         : integer;
       transmitted      : integer;
       field_base       : integer;
       modulus          : integer;
       row              : integer;
       col              : integer;
       rows             : integer;
       datarow          : integer;
       datarows         : integer;
       extra_desid      : integer;
       columns          : integer;
       dimension        : integer;
       temp             : integer;
       channel          : integer;
       desired_channels : integer;
       reducing_elt     : integer;
       reduced_elt      : integer;
       dead_channels    : integer;
       dead_channel     : mat_row;
       decoder          : matrix;
       desired_channel  : mat_row;
       data             : matrix;
       desiderata       : matrix;
       active_channel   : mat_row;
       codeword         : mat_row;
       clearword        : integer;
       continue         : char;
       active           : boolean;
       EOT              : boolean;      {End Of Transmission}

{ the TWO_TO_THE function makes up for the lack of a generalized
  exponentiation operator in standard Pascal.  It returns two
  raised to the power of its caller-supplied argument. }

function TWO_TO_THE (argument : integer): integer;

var  accumulator : integer;
     index       : integer;

begin
  accumulator := 1;
  for index := 1 to argument do
    accumulator := accumulator * 2;
  TWO_TO_THE := accumulator;
end;




{ the READ_OCTAL routine; this routine allows the user of
  the program to input his values in octal rather than in
  decimal; it replaces the Pascal standard "read" routine. }

procedure READ_OCTAL (var total : integer);

const BLANK = ' ';

var  inchar : char;

begin
  read (inchar);
  while (inchar = BLANK) do            {skip leading blanks}
    read (inchar);

  total := 0;
  while not (inchar = BLANK) do begin  {accumulate octal digits}
    total := total * 8 + (ord(inchar) - ord('0'));
    read (inchar)
  end
end;




{ the WRITE_OCTAL routine; it replaces the Pascal standard
  "write" routine and allows the program to report its
  output values in octal rather than in decimal. }

procedure WRITE_OCTAL (number     : integer;
                       field_base : integer );

var  outbuf : array [1..WORDLENGTH] of char;
     temp   : integer;
     index  : integer;

begin
  for index := 1 to WORDLENGTH do outbuf[index] := '0';
  index := 1;

  while (number > 0) do begin
    temp := number mod 8;
    outbuf[index] := chr (ord('0') + temp);
    index := index + 1;
    number := number div 8
  end;

  temp := ((field_base + 2) div 3);
  if (temp < 1) then temp := 1;
  if (temp < (index - 1)) then temp := index - 1;
  for index := temp downto 1 do write (outbuf[index]);
  write(' ')

end;


{ The ADD function returns the logical xor of its two caller-
  supplied arguments.  This is addition over GF(n) for any n. }

function ADD (term1 : integer;
              term2 : integer ): integer;

begin
  ADD := ( (term1 or term2) and (not(term1 and term2)) )
end;




{ The MULTIPLY function performs multiplication over GF(n)
  modulo the caller-supplied modulus and returns the result
  of the multiplication. }

function MULTIPLY (factor1    : integer;
                   factor2    : integer;
                   modulus    : integer;
                   field_base : integer ): integer;

var  index  : integer;
     answer : integer;

begin
  answer := 0;
  for index := 0 to (field_base - 1) do
  begin
    answer := answer * 2;

    if ( ( (factor1 mod TWO_TO_THE (field_base - index))
           div TWO_TO_THE (field_base - (index+1)) ) > 0)
      then answer := ADD (answer, factor2);

    if ( (answer div TWO_TO_THE (field_base)) > 0)
      then answer := ADD (answer,
                          TWO_TO_THE (field_base) + modulus)
  end;
  MULTIPLY := answer
end;



{ The INVERSE function.  It accepts a field element and
  returns the element's multiplicative inverse.  This
  implementation is very slow and primitive -- it should be
  replaced by Davida's inverse routine or some other fast
  implementation at the first opportunity. }

function INVERSE ( element    : integer;
                   field_base : integer;
                   modulus    : integer ): integer;

var  index   : integer;
     answer  : integer;
     squares : integer;

begin
  answer := 1;
  squares := element;

  for index := 1 to (field_base - 1) do
  begin
    squares := MULTIPLY (squares, squares, modulus, field_base);
    answer  := MULTIPLY (answer, squares, modulus, field_base)
  end;

  INVERSE := answer
end;




{ The DIVIDE function performs Galois-field division.
  It accepts dividend, divisor, modulus, and field-base
  (in that order), takes the inverse of the divisor, and
  multiplies the result by the dividend. }

function DIVIDE ( dividend   : integer;
                  divisor    : integer;
                  modulus    : integer;
                  field_base : integer ): integer;

var  divisor_inverse : integer;

begin
  divisor_inverse := INVERSE (divisor, field_base, modulus);
  DIVIDE := MULTIPLY (dividend, divisor_inverse,
                      modulus, field_base)
end;




{ The HERMITE_NORMALIZE routine takes a matrix which is
  at least two columns wide and which is also at least
  as tall as it is wide and reduces it to Hermite normal
  form (i.e. to a form with an identity matrix at the top.) }

procedure HERMITE_NORMALIZE (var m      : matrix;
                                 rows   : integer;
                                 cols   : integer;
                                 modl   : integer;
                                 f_base : integer );

var  row          : integer;
     col          : integer;
     reducing_col : integer;
     reducing_elt : integer;
     reduced_elt  : integer;
     index        : integer;
     temp         : integer;

begin
  if (cols < 2) then
    writeln ('stripped matrix has <2 cols: error')
  else begin

    for reducing_col := 1 to cols do begin
      index := reducing_col;

      {search to the right for a column with a nonzero entry
       in row 'reducing_col'; the bound is cols, since a bound
       of reducing_col would never let the search advance}
      while ( (m[reducing_col][index] = 0) and
              (index < cols) ) do
        index := index + 1;

      if (not(index = reducing_col)) then        {switch cols}
        for row := 1 to rows do begin
          temp := m[row][reducing_col];
          m[row][reducing_col] := m[row][index];
          m[row][index] := temp
        end;

      reducing_elt := m[reducing_col][reducing_col];

      {set leading elts. of columns to 1 by dividing cols by constant}

      temp := reducing_elt;
      if (not (temp = 1)) then begin
        m[reducing_col][reducing_col] := 1;
        for row := (reducing_col + 1) to rows do
          m[row][reducing_col] := DIVIDE (m[row][reducing_col],
                                          temp,
                                          modl, f_base )
      end;

      {column-reduce by clearing row 'reducing-col' using entry
       m[reducing_col][reducing_col].}

      for col := 1 to cols do
        if (not(col = reducing_col)) then begin
          reduced_elt := m[reducing_col][col];
          if (not(reduced_elt = 0)) then
            for row := reducing_col to rows do
              m[row][col] :=
                ADD (m[row][col],
                     MULTIPLY (m[row][reducing_col],
                               reduced_elt, modl, f_base ) )
        end
    end
  end

end;


{ The CONSTRUCT_VAN routine.  This procedure constructs a
  square Vandermonde matrix with the dimension supplied by the
  calling routine. }

procedure CONSTRUCT_VAN (var van        : matrix;
                             n          : integer;
                             field_base : integer;
                             modulus    : integer );

var  row      : integer;
     column   : integer;
     exponent : integer;
     index    : integer;
     temp     : integer;

begin
  if (n < 3) then writeln ('van dimension error')
  else
  begin

    {build first row of van.}

    van[1][1] := 1;
    for column := 2 to n do
      van[1][column] := 0;

    {build second row of van.}

    for column := 1 to n do
      van[2][column] := 1;

    {build third row of van.}

    van[3][1] := 1;
    van[3][2] := 2;
    for column := 3 to n do
      van[3][column] :=
        MULTIPLY (van[3][column - 1], 2,
                  modulus, field_base);

    {build remaining rows of van.}


    if (n > 3) then
      for row := 4 to n do begin
        van[row][1] := 1;
        for column := 2 to n do
          van[row][column] :=
            MULTIPLY (van[row - 1][column], van[3][column],
                      modulus, field_base)
      end
  end

end;



{ the TRANSPOSE routine accepts a matrix and its dimensions
  and produces the transpose of the matrix. }

procedure TRANSPOSE (     m       : matrix;
                      var m_prime : matrix;
                          m_rows  : integer;
                          m_cols  : integer );

var  row : integer;
     col : integer;

begin
  for row := 1 to m_rows do
    for col := 1 to m_cols do
      m_prime[col][row] := m[row][col];
end;


{ THE MAIN ROUTINE.  THIS CODE GOES THROUGH THE ENTIRE
  DECODING PROCESS, WHICH IS BROKEN INTO COLD, COOL AND
  HOT PRECOMPUTE STAGES AND ONLINE DECODE STAGE. }

begin

  { COLD PRECOMPUTE STAGE BEGINS HERE. }

  { First, we read in the modulus and field-base for the
    Galois field to be used in our calculations. }

  writeln('Please enter, on one line and separated by a blank,');
  writeln('the field-base and modulus to be used.  The');
  writeln('field-base should be a decimal number and the');
  writeln('modulus should be an octal number.');
  read(field_base);
  READ_OCTAL(modulus);
  modulus := modulus - TWO_TO_THE(field_base);

  { Next, we construct a Vandermonde matrix called VAN. }

  dimension := TWO_TO_THE(field_base);
  CONSTRUCT_VAN (van, dimension, field_base, modulus);

  { COOL PRECOMPUTE STAGE BEGINS HERE }


  { Next, we read in the number of channels to be sent
    by the transmitting node. }

  writeln('Please enter the number of channels to be sent');
  writeln('by the transmitting node.  This should be a');
  writeln('decimal number.');
  readln(transmitted);

  { Next, we read the number of channels to be received by
    the receiving node. }

  writeln('please enter the number of channels active at');
  writeln('the receivers node; this should be a decimal number');
  readln (received);

  { Now we strip away the extraneous rows and columns of the
    vandermonde matrix.  We leave only the topmost n rows and
    the leftmost k columns of VAN. }

  rows := transmitted;
  columns := received;

  { Next, we hermite-normalize van to give us a tall, thin matrix
    with an identity at the top. }

  HERMITE_NORMALIZE (van, rows, columns, modulus, field_base);

  { Finally, we construct our "special" left-kernel for the
    stripped, col-reduced VAN.  This matrix is short and
    fat, with an identity at the left, and it is our DNF
    (Decode-Normal-Form) matrix. }

  for row := 1 to (transmitted - received) do
    for col := 1 to received do
      dnf[row][col] := van[row + received][col];

  for row := 1 to (transmitted - received) do
    for col := (received + 1) to transmitted do
      if ( (col - received) = row) then

        dnf[row][col] := 1
      else
        dnf[row][col] := 0;

  TRANSPOSE (dnf, dnf_prime, (transmitted - received), transmitted);
  HERMITE_NORMALIZE (dnf_prime, transmitted, (transmitted - received),
                     modulus, field_base);
  TRANSPOSE (dnf_prime, dnf, transmitted, (transmitted - received));

  writeln;
  writeln ('DNF matrix for ', received:2, ' out of ', transmitted:2);
  write ('channels over GF 2**(', field_base:1, ') mod ');
  temp := modulus + TWO_TO_THE (field_base);
  WRITE_OCTAL (temp, field_base);
  writeln(' is: '); writeln;

  for row := 1 to (transmitted - received) do begin
    writeln;
    for col := 1 to transmitted do
      WRITE_OCTAL (dnf[row][col], field_base);
  end;
  writeln; writeln;

  { HOT PRECOMPUTE STAGE BEGINS HERE. }

  writeln('please enter, on one line and separated by blanks,');
  writeln('the numbers of the ', received:2, ' channels active');
  writeln('at the receiving node.  These numbers should be decimal.');

  for index := 1 to (received - 1) do read (active_channel[index]);
  readln (active_channel[received]);

  { Here we fill up the data matrix. }

  row := 1;
  for index := 1 to received do

    if (active_channel[index] <= (transmitted - received)) then
    begin
      for col := 1 to transmitted do
        data[row][col] :=
          dnf[active_channel[index]][col];
      row := row + 1
    end;
  datarows := row - 1;

  { Here we fill up the desiderata matrix and those rows of the
    decoder matrix corresponding to channels which we are receiving. }

  desired_channels := 0;
  dead_channels := 0;
  extra_desid := 1;
  for channel := 1 to transmitted do begin
    active := FALSE;
    for index := 1 to received do
      if (active_channel[index] = channel) then active := TRUE;
    if ( (not active) and (channel <= received) ) then begin
      desired_channels := desired_channels + 1;
      desired_channel[desired_channels] := channel;
      if (channel > (transmitted - received)) then begin
        dead_channels := dead_channels + 1;
        dead_channel[dead_channels] := channel;
        for col := 1 to transmitted do
          desiderata[channel][col] := data[extra_desid][col];
        extra_desid := extra_desid + 1
      end
      else
        for col := 1 to transmitted do
          desiderata[channel][col] := dnf[channel][col]
    end
    else if (not active) then begin
      dead_channels := dead_channels + 1;
      dead_channel[dead_channels] := channel
    end
    else if (channel <= received) then
      for col := 1 to transmitted do
        if (col = channel) then decoder[channel][col] := 1
                           else decoder[channel][col] := 0
  end;

  { Here we clear the columns in the desiderata matrix corresponding
    to channels which we are not receiving. }

  row := 1;
  for index := 1 to dead_channels do begin
    if (dead_channel[index] > (transmitted - received)) then begin
      for channel := 1 to desired_channels do
        if (not(desired_channel[channel] = dead_channel[index])) then begin
          reducing_elt := data[row][dead_channel[index]];
          reduced_elt := desiderata[desired_channel[channel]]
                                   [dead_channel[index]];
          for col := 1 to transmitted do
            desiderata[desired_channel[channel]][col] :=
              ADD ( MULTIPLY(desiderata[desired_channel[channel]][col],
                             reducing_elt, modulus, field_base),
                    MULTIPLY(data[row][col], reduced_elt,
                             modulus, field_base))
        end;
      for datarow := (row + 1) to datarows do begin
        reducing_elt := data[row][dead_channel[index]];
        reduced_elt := data[datarow][dead_channel[index]];
        for col := 1 to transmitted do
          data[datarow][col] :=
            ADD ( MULTIPLY(data[datarow][col], reducing_elt,
                           modulus, field_base),
                  MULTIPLY(data[row][col], reduced_elt,
                           modulus, field_base))
      end;
      row := row + 1
    end
  end;

  { Here we obtain ones in the "lead" columns of the desiderata
    rows by dividing through by the values previously in those
    columns. }

  for channel := 1 to desired_channels do begin
    reducing_elt := desiderata[desired_channel[channel]]
                              [desired_channel[channel]];


   for col := 1 to transmitted do
      desiderata [desired_channel [channel]][col] :=
         DIVIDE (desiderata [desired_channel [channel]][col],
                 reducing_elt, modulus, field_base);
   end;

{ Now fill up the rows of the decoder matrix corresponding
  to channels which were desired but not active. }

for channel := 1 to desired_channels do
   for col := 1 to transmitted do
      decoder [desired_channel [channel]][col] :=
         desiderata [desired_channel [channel]][col];

{ Now we print out the decoder matrix }

writeln ('Decoder matrix for the active channels listed above is: ');
writeln;
for row := 1 to received do begin
   for col := 1 to transmitted do
      WRITE_OCTAL ( decoder [row][col], field_base);
   writeln
   end;

writeln;

{ DECODING BEGINS HERE. }

EOT := FALSE;
while (not EOT) do begin

   writeln ('please enter, on one line and separated by blanks,');
   writeln ('the data received on each of the channels active at');
   writeln ('the receivers node.  The data should be in the form');
   writeln ('of octal numbers, and should be entered in order of');
   writeln ('increasing channel number.');

   for index := 1 to transmitted do
      codeword [index] := 0;

   for index := 1 to received do
      READ_OCTAL ( codeword [active_channel [index]] );

   writeln;
   writeln ('the ', received:2, ' transmitted cleartext words were');
   writeln ('(octal numbers expressed in channel order):');
   writeln;

   for index := 1 to received do begin
      clearword := 0;
      for col := 1 to transmitted do
         clearword := ADD (clearword,
                           MULTIPLY (decoder [index][col],
                                     codeword [col],
                                     modulus, field_base));
      WRITE_OCTAL (clearword, field_base)
      end;
   writeln;

   writeln ('do you want to decode another ', received:2, ' words?');
   writeln (' (type y or n).');

   readln (continue);
   if (continue = 'n') then EOT := TRUE

   end

end.
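The decoding loop above is a matrix-vector product over GF(2^n): each cleartext word is the sum over the channels of decoder[index][col] times codeword[col], with dead channels contributing zero. The Python below is an added example, not the report's program; it builds the decoder by ordinary Gauss-Jordan inversion rather than by the listing's desiderata reduction. It assumes GF(2^3) with modulus octal 13, a Vandermonde encoder with evaluation point channel + 1, zero-based channel numbers and at most 7 channels; the helper names other than multiply and divide are hypothetical.

```python
FIELD_BASE = 3      # assumed example field GF(2^3), not from the report's tables
MODULUS = 0o13      # assumed modulus x^3 + x + 1, in octal like the program's I/O

def multiply(a, b):
    product = 0
    while b:
        if b & 1:
            product ^= a
        a, b = a << 1, b >> 1
        if a >> FIELD_BASE:         # degree reached n: reduce by the modulus
            a ^= MODULUS
    return product

def divide(a, b):
    if b == 0:
        raise ZeroDivisionError("division by zero in GF(2^n)")
    return next(q for q in range(1 << FIELD_BASE) if multiply(q, b) == a)

def dot(u, v):
    total = 0
    for x, y in zip(u, v):
        total ^= multiply(x, y)     # addition in GF(2^n) is XOR
    return total

def vandermonde_row(channel, width):    # assumed encoder row: 1, x, x^2, ...
    row = [1]
    while len(row) < width:
        row.append(multiply(row[-1], channel + 1))     # x = channel + 1
    return row

def encode(clear, transmitted):
    return [dot(vandermonde_row(c, len(clear)), clear) for c in range(transmitted)]

def decoder_matrix(active, transmitted):
    k = len(active)
    if len(set(active)) != k or not all(0 <= c < transmitted < 8 for c in active):
        raise ValueError("channels must be distinct, in range, and at most 7")
    rows = [vandermonde_row(c, k) + [int(i == r) for i in range(k)]
            for r, c in enumerate(active)]              # augmented matrix [V | I]
    for p in range(k):
        rows[p:] = sorted(rows[p:], key=lambda row: row[p] == 0)  # nonzero pivot first
        rows[p] = [divide(v, rows[p][p]) for v in rows[p]]        # lead entry becomes 1
        rows = [row if r == p else [v ^ multiply(row[p], w) for v, w in zip(row, rows[p])]
                for r, row in enumerate(rows)]          # clear column p in other rows
    column = {c: j for j, c in enumerate(active)}       # dead channels get zero columns
    return [[row[k + column[c]] if c in column else 0 for c in range(transmitted)]
            for row in rows]

def decode(decoder, codeword):
    return [dot(row, codeword) for row in decoder]
```

With 5 transmitted channels and 3 cleartext words, any 3 surviving channels recover the cleartext; the words on the other two are entered as zero and meet only zero columns of the decoder.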

Offset  Length  Variable

     0   12592  Return offset, Frame length
  2052    2048  DNF               :Array    Static
  6158       2
 12590       1  EOT               :Boolean  Static
                VAM               :Array    Static
  6156       2  ROW               :Integer  Static
  6160       2  ROWS              :Integer  Static
  8360    2048  DATA              :Array    Static
  6172       2  TEMP              :Integer  Static
                INDEX             :Integer  Static
 12588       1  ACTIVE            :Boolean  Static
  6162       2  DATAROW           :Integer  Static

Line#  Source Line        IBM Personal Computer Pascal Compiler V1.00        17:45:13

  6166       2  COLUMNS           :Integer  Static
  6174       2  CHANNEL           :Integer  Static
  6248    2048  DECODER           :Array    Static
  6154          MODULUS           :Integer  Static
  6164          DATAROWS          :Integer  Static
 12520      64  CODEWORD          :Array    Static
 12586       1  CONTINUE          :Char     Static
  4100    2048  DNF_PRIME         :Array    Static
  6148          RECEIVED          :Integer  Static
  6170          DIMENSION         :Integer  Static
 12584       2  CLEARWORD         :Integer  Static
  6152          FIELD_BASE        :Integer  Static
 10408    2048  DESIDERATA        :Array    Static
  6150       2  TRANSMITTED       :Integer  Static
  6166          EXTRA_DESID       :Integer  Static
  6180       2  REDUCED_ELT       :Integer  Static
  6176       2  DESIRED_CHANNELS  :Integer  Static
  6178          REDUCING_ELT      :Integer  Static
  6184      64  DEAD_CHANNEL      :Array    Static
  6182          DEAD_CHANNELS     :Integer  Static
  8296      64  DESIRED_CHANNEL   :Array    Static
 12456      64  ACTIVE_CHANNEL    :Array    Static

Errors  Warns  In Pass One

